From: samantha.morgan@barrettsteel.com
Date: 16 December 2015 at 09:44
Subject: Your e-Invoice(s) from Barrett Steel Services Ltd
Dear Customer,
Please find attached your latest Invoice(s).
Kind Regards,
Samantha Morgan,
Barrett Steel Services Ltd,
Phone: 01274654248
Email: samantha.morgan@barrettsteel.com
PS
Have you considered paying by BACS ? Our details can be found on the attached invoice.
Please reply to this email if you have any queries.
You can use the link below to perform an Experian credit check.
http://www.experian.co.uk/business-check/landing-page/barrett-steel.html?utm_source=BarrettSteel&utm_medium=Banner&utm_campaign=BusinessCheckBS
Samantha Morgan
Credit Controller
Tel: 01274 654248 | | Fax: 01274 654253
Email: Samantha.Morgan@Barrettsteel.com | Web: www.barrettsteel.com
------------------------------------------------------------------------------
IMPORTANT NOTICE
The information contained in or attached to this e-mail is intended for the use of the individual or entity to which it is addressed. It may contain information which is confidential and/or covered by legal, professional or other privilege (or other similar rules or laws). If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. Nor should you take any action with reference to it. If you have received this communication in error, please return it with the title "received in error" to Barrett.Admin@Barrettsteel.com then delete the email and destroy any copies of it.
This email has been scanned for viruses, but no responsibility is accepted once this communication has been transmitted. You should scan attachments (if any) for viruses.
Registered Office:
Barrett House, Cutler Heights Lane, Dudley Hill, Bradford, BD4 9HU
This message has been scanned by iCritical.
Attached is a file named e-Invoice Barrett Steel Services Ltd.doc, of which I have seen just a single variant. It has a VirusTotal detection rate of 4/54 and, according to this Malwr analysis, downloads a malicious binary from the following location:
wattplus.net/98g654d/4567gh98.exe
This downloaded binary has a detection rate of 4/53 and, according to this Malwr report, it attempts to contact:
199.7.136.84 (Megawire, Canada)
I strongly recommend that you block traffic to that IP. Other analysis is pending. The payload is almost definitely the Dridex banking trojan.
1 comment:
I got the same one, and the strange thing is that it uses the sender's message-id domain: if it is sent to your organization xyz.com, then the message ID of the sender will be @xyz.com, which is really highly skilled targeting to spoof the message ID.
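The Message-ID pattern described in the comment above can be checked on inbound mail. This is an added example, not code from the original post or its comments; the header values are constructed, and the names `message_id_mismatch`, `is_local` and the local-domain set are assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the real message); xyz.com stands
# in for the recipient organisation, as in the comment above.
SPOOFED = """\
From: samantha.morgan@barrettsteel.com
To: accounts@xyz.com
Message-ID: <20151216094412.1A2B3C@xyz.com>
Subject: Your e-Invoice(s) from Barrett Steel Services Ltd

Dear Customer,
"""

# Same message, but with a Message-ID in the claimed sender's own domain.
ORDINARY = SPOOFED.replace("1A2B3C@xyz.com", "1A2B3C@mail.barrettsteel.com")


def domain_of(value):
    """Return the lower-cased domain after the last '@', or '' if none."""
    value = (value or "").strip().strip("<>")
    return value.rpartition("@")[2].lower() if "@" in value else ""


def is_local(domain, local_domains):
    """True when domain is one of our domains or a subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in local_domains)


def message_id_mismatch(raw, local_domains):
    """Flag mail whose Message-ID claims one of our domains although the
    From address is external (the pattern the commenter observed)."""
    msg = message_from_string(raw)
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    mid_dom = domain_of(msg.get("Message-ID", ""))
    if not mid_dom or not from_dom:
        return False  # nothing to compare; leave to other checks
    return is_local(mid_dom, local_domains) and not is_local(from_dom, local_domains)


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("ordinary", ORDINARY)):
        print(name, message_id_mismatch(raw, {"xyz.com"}))
```

A Message-ID is normally generated by the first mail server that handles the message, so a local domain on externally sourced mail is worth scoring in a filter, though some relays and mailing lists rewrite it.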