From: Nicola Hogg [NHogg@pettywood.co.uk]
Date: 15 December 2015 at 10:14
Subject: Order PS007XX20000584

There is no body text, but instead there is an attachment PS007XX20000584 - Confirmation with Photos.DOC which has a VirusTotal detection rate of 5/55 and contains a malicious macro [pastebin] which (according to this Malwr report) downloads a binary from:

kutschfahrten-friesenexpress.de/8iy45323f/i87645y3t23.exe

There are probably other versions of the document with different download locations. This malicious executable has a detection rate of 2/54 and between them these three reports [1] [2] [3] indicate malicious traffic to:
199.7.136.84 (Megawire Inc, Canada)
221.132.35.56 (Ho Chi Minh City Post And Telecom Company, Vietnam)
The payload here is likely to be the Dridex banking trojan.
MD5s:
8b288305733214f8e0d95386d886af2d
f9c00d3db5fa6cd33bc3cd5a08766ad0
Recommended blocklist:
199.7.136.84
221.132.35.56
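As an added example (not part of the original post), a small Python checker that sweeps log lines for the indicators listed above: the two C2 addresses, the download host and the two MD5s. The log lines inside it are constructed for the demonstration; the indicators themselves are the ones from this post.

```python
import re
from typing import Dict, Iterable, List

# Indicators from the post above.
BLOCKLIST_IPS = {"199.7.136.84", "221.132.35.56"}
DOWNLOAD_HOST = "kutschfahrten-friesenexpress.de"
KNOWN_MD5S = {
    "8b288305733214f8e0d95386d886af2d",
    "f9c00d3db5fa6cd33bc3cd5a08766ad0",
}

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MD5_RE = re.compile(r"\b[0-9a-fA-F]{32}\b")


def find_hits(lines: Iterable[str]) -> List[Dict]:
    """Return one record per log line that contains any known indicator.

    Each record carries the 1-based line number, the list of matched
    indicators (tagged by type) and the original line text.
    """
    hits = []
    for number, line in enumerate(lines, 1):
        reasons = []
        # Any IP in the line that is on the recommended blocklist.
        for ip in IP_RE.findall(line):
            if ip in BLOCKLIST_IPS:
                reasons.append(f"c2-ip:{ip}")
        # The host the macro pulls the executable from (case-insensitive).
        if DOWNLOAD_HOST in line.lower():
            reasons.append(f"download-host:{DOWNLOAD_HOST}")
        # MD5s reported by AV / file-integrity tooling, normalised to lowercase.
        for digest in MD5_RE.findall(line):
            if digest.lower() in KNOWN_MD5S:
                reasons.append(f"md5:{digest.lower()}")
        if reasons:
            hits.append({"line": number, "reasons": reasons, "text": line.strip()})
    return hits


# Constructed sample lines (proxy, firewall and AV style) for the demo.
SAMPLE_LOG = [
    "2015-12-15T10:21:03Z proxy GET http://kutschfahrten-friesenexpress.de/8iy45323f/i87645y3t23.exe client=10.0.0.12 status=200",
    "2015-12-15T10:21:05Z fw ALLOW 10.0.0.12:49211 -> 199.7.136.84:443 proto=tcp",
    "2015-12-15T10:21:06Z fw ALLOW 10.0.0.12:49212 -> 10.0.0.1:53 proto=udp",
    "2015-12-15T10:21:09Z av file=C:\\Users\\nh\\AppData\\Local\\Temp\\i87645y3t23.exe md5=F9C00D3DB5FA6CD33BC3CD5A08766AD0",
    "2015-12-15T10:21:10Z fw ALLOW 10.0.0.12:49213 -> 221.132.35.56:8443 proto=tcp",
]

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit["line"], ", ".join(hit["reasons"]))
```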