From Replacement Keys [admin@replacementkeys.co.uk]
Date Thu, 21 Jan 2016 17:15:08 +0530
Subject =?utf-8?B?TmV3IE9yZGVyICMgMTAwMTE0MDAw?=
Order Received!
We will send you another email when it has been dispatched . If you have any questions about your order please reply to this email. Your order confirmation is below. Thank you for ordering from us.
Thank you again,
Replacement Keys
Attached is a file INVOICEPaid_100114000.xls of which I have only seen a single variant. The VirusTotal detection rate is 4/53 and the Malwr report indicates a download location from:
montaj-klimat.ru/8h75f56f/34qwj9kk.exe
The binary dropped is identical to the one in this earlier spam run and it leads to the Dridex banking trojan.
No comments:
Post a Comment