This fake financial spam does not come from Les Caves de Pyrene but is instead a simple forgery with a malicious attachment.
From: Avril Sparrowhawk [Avril.Sparrowhawk@lescaves.co.uk]
Date: 22 December 2015 at 11:14
Subject: CWIH8974 PAYMENT RECEIVED
Good afternoon
Thanks very much for your payment we recently from you, however there was a missed invoice.
Can you just confirm this will be included in the next payment run, or whether there were any queries with this particular invoice?
I have attached the invoice for your reference.
Kind regards
Avril
Avril Sparrowhawk
Credit Controller
Les Caves De Pyrene
Pew Corner
Old Portsmouth Road
Artington
Guildford
GU3 1LP
+44 (0)1483 554784
+44 (0)1483 455068
CWIH8974.doc 92K
Attached is a malicious document CWIH8974.doc of which I have seen just a single sample with a VirusTotal detection rate of 2/54. There may be other variations of the document, but in this case it downloads a malicious binary from:
secure.novatronica.com/786h8yh/87t5fv.exe
This has a VirusTotal detection rate of 2/53 and is the same payload as found in this earlier spam run, leading to the Dridex banking trojan.
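As an added example (not part of the original post), a Python triage check for mail resembling this lure: a "<ref> PAYMENT RECEIVED" subject, a .doc attachment named after the same reference, and a From domain that differs from the Return-Path domain. The reference pattern is an assumption generalised from the single sample above, and the Return-Path value and attachment bytes in the sample are constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: the reference format (four letters, four digits) is generalised
# from the single sample on this page; other runs may differ.
SUBJECT_RE = re.compile(r"^([A-Z]{4}\d{4}) PAYMENT RECEIVED$")

def _domain(header) -> str:
    """Lower-cased domain of the address in a header value ('' if absent)."""
    return parseaddr(str(header or ""))[1].rpartition("@")[2].lower()

def triage(raw: bytes) -> list:
    """Return the reasons a raw message resembles the lure described above."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    ref = SUBJECT_RE.match(str(msg["Subject"] or "").strip())
    if ref:
        reasons.append("subject is '<ref> PAYMENT RECEIVED'")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(".doc"):
            reasons.append("legacy Word attachment " + name)
            if ref and name == ref.group(1).lower() + ".doc":
                reasons.append("attachment name repeats the subject reference")
    sender, envelope = _domain(msg["From"]), _domain(msg["Return-Path"])
    if sender and envelope and sender != envelope:
        reasons.append(f"From domain {sender} differs from Return-Path domain {envelope}")
    return reasons

def build_message(subject, from_addr, return_path, attachment=None) -> bytes:
    """Build a constructed test message; the attachment body is placeholder bytes."""
    msg = EmailMessage()
    msg["Return-Path"] = f"<{return_path}>"
    msg["From"] = from_addr
    msg["Subject"] = subject
    msg.set_content("I have attached the invoice for your reference.")
    if attachment:
        msg.add_attachment(b"placeholder, not a real document",
                           maintype="application", subtype="msword", filename=attachment)
    return msg.as_bytes()

if __name__ == "__main__":
    # Constructed sample: From/Subject/filename follow the page; Return-Path is made up.
    lure = build_message("CWIH8974 PAYMENT RECEIVED", "Avril.Sparrowhawk@lescaves.co.uk",
                         "bounce@sender.example", "CWIH8974.doc")
    for reason in triage(lure):
        print("-", reason)
```

Each reason is a weak signal on its own; the score is meant for queueing messages for review, not for automatic blocking.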