From "Industrial Cleaning Materials (ICM)" [sales@icmsupplies.co.uk]
Date Thu, 03 Dec 2015 18:22:34 +0700
Subject ICM - Invoice #2393

Dear Customer,
Please find invoice 2393 attached.
Kind Regards,
ICM
Industrial Cleaning Materials
Unit 19 Highlode Ind Est
Stocking Fen Road
Ramsey
Huntingdon
Cambridgeshire
PE26 2RB
Tel: 01487 800011
fax 01487 812075

I have seen two versions of the attachment order_2393.doc with VirusTotal results of 2/54 [1] [2] and the Malwr reports [3] [4] show that they download a component from:

www.ofenrohr-thermometer.de/u5y432/h54f3.exe
ante-prima.com/u5y432/h54f3.exe
This has a VirusTotal detection rate of 1/53. The payload appears to be the same as the one in this spam run earlier today and looks like the Dridex banking trojan.
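
The two download locations above share the same path, so a proxy-log check can flag both the listed URLs and the same path on hosts not listed yet. The following is an added example, not part of the original post; the log format (time, client, method, URL, status), the client addresses and the `.example` hosts are constructed assumptions.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
KNOWN_HOSTS = {"www.ofenrohr-thermometer.de", "ante-prima.com"}
SHARED_PATH = "/u5y432/h54f3.exe"

# Constructed sample log; assumed format: time client method url status
SAMPLE_LOG = """\
2015-12-03T11:31:02Z 10.0.4.17 GET http://www.ofenrohr-thermometer.de/u5y432/h54f3.exe 200
2015-12-03T11:31:40Z 10.0.4.22 GET http://intranet.example/wiki/Home 200
2015-12-03T11:33:09Z 10.0.4.31 GET http://ANTE-PRIMA.com/u5y432/h54f3.exe 404
2015-12-03T11:35:55Z 10.0.4.31 GET http://other-site.example/u5y432/h54f3.exe 200
2015-12-03T11:36:12Z 10.0.4.40 GET http://ante-prima.com/index.html 200
malformed line
"""


def classify(url):
    """Return a verdict string for a requested URL, or None if unrelated."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    path = parts.path.lower()
    if path == SHARED_PATH:
        # Both locations in the post share this path, so the path alone is
        # worth flagging on hosts that are not listed yet.
        return "known-url" if host in KNOWN_HOSTS else "same-path-new-host"
    if host in KNOWN_HOSTS:
        return "known-host-other-path"  # lower confidence, review manually
    return None


def scan(log_text):
    """Return one finding per matching, well-formed log line."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed lines instead of failing the scan
        ts, client, _method, url, status = fields
        verdict = classify(url)
        if verdict:
            # Any request suggests the attachment ran on that client;
            # a 200 means the download was actually served.
            findings.append({"time": ts, "client": client, "verdict": verdict,
                             "served": status == "200"})
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```
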
2 comments:
I just received this one too. At present I (law firm) receive about 1 a day of fake invoicing emails.
Dear Customer,
Please find invoice 2393 attached.
Kind Regards,
ICM
Industrial Cleaning Materials
Unit 19 Highlode Ind Est
Stocking Fen Road
Ramsey
Huntingdon
Cambridgeshire
PE26 2RB
Tel: 01487 800011
fax 01487 812075
I've just received a similar mail.
Dear Customer,
Please find invoice 2393 attached.
Kind Regards,
ICM
Industrial Cleaning Materials
Unit 19 Highlode Ind Est
Stocking Fen Road
Ramsey
Huntingdon
Cambridgeshire
PE26 2RB
Tel: 01487 800011
fax 01487 812075