This fake financial spam is not from Aline Pumps but is instead a simple forgery with a malicious attachment. In any case, Aline is an Australian company, so they would not be sending out invoices in UK pounds.
From: Bruce Sharpe [bruce@alinepumps.com]
Date: 2 December 2015 at 09:44
Subject: Aline Payment Request
ATTENTION: ACCOUNTS PAYABLE

Dear Sir/Madam,

Overdue Alert

Our records show that your current balance with us is £2795.50 of which £2795.50 is still overdue.

Your urgent attention and earliest remittance of this amount would be appreciated.

We value your business and we would like to resolves any issues as quickly as possible. I am personally available on (02) 8508 4900 or bruce@alinepumps.com

Sincerely,

Bruce Sharpe - Accounts Receivable
PO Box 694 Engadine NSW 2233 P. 02 9544 9999 F. 02 9544 8599 E. bruce@alinepumps.com
Attached is a file Statement_1973_1357257122414.doc which comes in at least three versions (although I have only seen two), with VirusTotal results of 4/55 [1] [2]. Automated analysis [3] [4] shows download locations of:
pivarimb.wz.cz/4367yt/p0o6543f.exe
allfirdawhippet.com/4367yt/p0o6543f.exe
apparently there is another download location of
sebel.fr/4367yt/p0o6543f.exe
In any case, the downloaded binary is the same and has a detection rate of 3/55. The Malwr analysis and this Hybrid Analysis show it phoning home to:
193.238.97.98 (PJSC DATAGROUP, Ukraine)
I strongly recommend that you block traffic to that IP.
MD5s:
4e87044b5566951e71c5b672ce416c7f
2b1ff4b456e926329a895be8ac136661
b99e4e57b0f319da4578cb957f910581
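As an added example (not part of the original post), the indicators above turned into a small Python matcher that is run over a constructed Squid-style proxy log; the log lines, client addresses and the example.com/example.org hosts are made up for illustration.

```python
from urllib.parse import urlparse

# Indicators taken from the post above.
DOWNLOAD_HOSTS = {"pivarimb.wz.cz", "allfirdawhippet.com", "sebel.fr"}
PAYLOAD_PATH = "/4367yt/p0o6543f.exe"
C2_IP = "193.238.97.98"
MALICIOUS_MD5S = {
    "4e87044b5566951e71c5b672ce416c7f",
    "2b1ff4b456e926329a895be8ac136661",
    "b99e4e57b0f319da4578cb957f910581",
}

# Constructed sample proxy log (Squid access.log style):
# timestamp client action/status bytes method url
SAMPLE_LOG = """\
1449049800.101 10.0.0.5 TCP_MISS/200 1024 GET http://www.example.com/index.html
1449049812.442 10.0.0.7 TCP_MISS/200 204800 GET http://allfirdawhippet.com/4367yt/p0o6543f.exe
1449049830.019 10.0.0.7 TCP_MISS/200 512 POST http://193.238.97.98/
1449049845.777 10.0.0.9 TCP_MISS/200 204800 GET http://cdn.example.org/4367yt/p0o6543f.exe
"""


def classify_url(url):
    """Return the indicator labels that match this URL (empty list if none)."""
    parsed = urlparse(url)
    host = parsed.hostname or ""
    hits = []
    if host in DOWNLOAD_HOSTS:
        hits.append("download-host")
    # The URI path is shared by all known download locations, so it also
    # catches a fourth host that was not in the original list.
    if parsed.path == PAYLOAD_PATH:
        hits.append("payload-path")
    if host == C2_IP:
        hits.append("c2-ip")
    return hits


def scan_proxy_log(text):
    """Return (line_no, url, hits) for every log line matching an indicator."""
    matches = []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed or truncated line, skip it
        url = fields[5]
        hits = classify_url(url)
        if hits:
            matches.append((line_no, url, hits))
    return matches


def is_known_payload(md5_hex):
    """True if a file's MD5 matches one of the three payload hashes."""
    return md5_hex.lower() in MALICIOUS_MD5S
```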