
Tuesday, 24 November 2015

Malware spam: "Abcam Despatch [CCE5303255]" / orders@abcam.com

I don't have the body text to this particular message, but it is not actually from Abcam. Instead it is a simple forgery with a malicious attachment.
From: orders@abcam.com
Date: Tue, 24 Nov 2015 13:48:14 +0300
Subject: Abcam Despatch [CCE5303255]
The attachment is named invoice_1366976_08-01-13.xls and comes in at least two versions (VirusTotal [1] [2]), each containing a malicious macro like this [pastebin] which downloads from the following locations (there may be more):

biennalecasablanca.ma/7745gd/4dgrgdg.exe
villmarkshest.no/7745gd/4dgrgdg.exe


This binary has a detection rate of 2/55 and phones home to the following IPs (according to this):

157.252.245.32 (Trinity College Hartford, US)
89.108.71.148 (Agava Ltd, Russia)
89.32.145.12 (Elvsoft SRV, Romania / Coreix, UK)


MD5s:
00ac8683e56102928e825f8d71b15473
2e22d61bed8c1aafaef7700c5b1f26c2
87f0a43f81efa9fb3ff26b83ec831248

Recommended blocklist:
157.252.245.32
89.108.71.148
89.32.145.12
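The indicators above (download hosts and path, C2 IPs, MD5s) are most useful when actually run against your own logs. The script below is an added example written for this post, not something from the original analysis: it embeds the post's indicators, matches them against a few constructed proxy and firewall log lines (the log formats are assumed, a simplified Squid-style access line and a "src dst dport" firewall line), checks an attachment's MD5 against the listed hashes, and renders the recommended blocklist as iptables DROP rules (the iptables form is an assumption; adapt to your own egress filter).

```python
import hashlib
from urllib.parse import urlparse

# Indicators taken from the post itself.
DOWNLOAD_HOSTS = {"biennalecasablanca.ma", "villmarkshest.no"}
DOWNLOAD_PATH = "/7745gd/4dgrgdg.exe"
C2_IPS = {"157.252.245.32", "89.108.71.148", "89.32.145.12"}
MD5S = {
    "00ac8683e56102928e825f8d71b15473",
    "2e22d61bed8c1aafaef7700c5b1f26c2",
    "87f0a43f81efa9fb3ff26b83ec831248",
}

# Constructed sample proxy log (assumed format: timestamp client status method url).
PROXY_LOG = """\
1448371800.123 10.0.0.15 TCP_MISS/200 GET http://biennalecasablanca.ma/7745gd/4dgrgdg.exe
1448371801.456 10.0.0.15 TCP_MISS/200 GET http://www.example.org/index.html
1448371802.789 10.0.0.22 TCP_MISS/404 GET http://villmarkshest.no/7745gd/other.exe
"""

# Constructed sample firewall log (assumed format: src dst dport).
FW_LOG = """\
10.0.0.15 157.252.245.32 80
10.0.0.15 93.184.216.34 443
10.0.0.22 89.32.145.12 8080
"""


def _host_matches(host: str) -> bool:
    """True if host is one of the download hosts or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == h or host.endswith("." + h) for h in DOWNLOAD_HOSTS)


def match_proxy(log_text: str) -> list:
    """Return (client, url, severity) for every request to a download host.

    A request for the exact payload path is flagged "download"; any other
    contact with the host is flagged "host-contact" (other paths on the same
    compromised site may serve other payloads, so it still merits a look).
    """
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line; skip rather than crash on real logs
        _ts, client, _status, _method, url = parts[:5]
        parsed = urlparse(url)
        if not _host_matches(parsed.hostname or ""):
            continue
        severity = "download" if parsed.path == DOWNLOAD_PATH else "host-contact"
        hits.append((client, url, severity))
    return hits


def match_firewall(log_text: str) -> list:
    """Return (src, dst, dport) for every outbound flow to a listed C2 IP."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) < 3:
            continue
        src, dst, dport = parts[:3]
        if dst in C2_IPS:
            hits.append((src, dst, int(dport)))
    return hits


def clients_to_triage(proxy_hits: list, fw_hits: list) -> list:
    """Sorted list of internal hosts that appear in either indicator match."""
    clients = {c for c, _url, _sev in proxy_hits} | {s for s, _d, _p in fw_hits}
    return sorted(clients)


def attachment_is_known_bad(data: bytes) -> bool:
    """Compare an attachment's MD5 against the hashes listed in the post."""
    return hashlib.md5(data).hexdigest() in MD5S


def blocklist_rules() -> list:
    """Render the recommended blocklist as iptables egress DROP rules."""
    return [f"iptables -A OUTPUT -d {ip} -j DROP" for ip in sorted(C2_IPS)]


if __name__ == "__main__":
    p_hits = match_proxy(PROXY_LOG)
    f_hits = match_firewall(FW_LOG)
    for hit in p_hits:
        print("proxy:", hit)
    for hit in f_hits:
        print("firewall:", hit)
    print("triage:", clients_to_triage(p_hits, f_hits))
    print("sample bytes known bad:", attachment_is_known_bad(b"constructed sample"))
    print("\n".join(blocklist_rules()))
```

Matching on the host rather than the full URL is deliberate: both download sites are compromised legitimate domains, so any contact with them from inside the network is worth checking even when the path differs from the one seen in this campaign.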

