From: Right Fuel Card Company [invoice@rightfuelcard.co.uk]
Date: 17 December 2015 at 11:11
Subject: Your Latest Right Fuel Card Invoice is Attached
Please find attached your latest invoice.
PLEASE ALSO NOTE OUR NEW OPENING HOURS ARE:
Monday - Thursday 9am - 5pm
Friday 9am - 3pm
For a copy of our latest Terms & Conditions please visit www.rightfuelcard.co.uk
Should you have any queries please do not hesitate to call us on 0845 625 0153 (Calls to this number cost 5 pence per minute plus your telephone company's access charge) or via email to info@rightfuelcard.co.uk.
Regards
Customer Services
The Right Fuelcard Company Limited
Attached is a file A01CardInv1318489.xls - at present I only have a single sample of this. VirusTotal is down at the moment so I cannot tell you the detection rate. The Malwr analysis shows behaviour consistent with several Dridex runs going on this morning, with a download from:
infosystems-gmbh.de/65dfg77/kmn653.exe
The payload is the Dridex banking trojan, and is identical to the payload here, here and here.
No comments:
Post a Comment