
Thursday 21 January 2016

Malware spam: admin@replacementkeys.co.uk / INVOICEPaid_100114000.xls

This spam does not come from admin@replacementkeys.co.uk; it is a simple forgery with a malicious attachment.
From     Replacement Keys [admin@replacementkeys.co.uk]
Date     Thu, 21 Jan 2016 17:15:08 +0530
Subject     =?utf-8?B?TmV3IE9yZGVyICMgMTAwMTE0MDAw?=

Order Received!

We will send you another email when it has been dispatched . If you have any questions about your order please reply to this email. Your order confirmation is below. Thank you for ordering from us.
Thank you again,
Replacement Keys

Attached is a file INVOICEPaid_100114000.xls of which I have only seen a single variant. The VirusTotal detection rate is 4/53 and the Malwr report indicates a download location from:

montaj-klimat.ru/8h75f56f/34qwj9kk.exe

The binary dropped is identical to the one in this earlier spam run and it leads to the Dridex banking trojan.
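
A mail-gateway check for this lure, as an added example that is not part of the original post: the Subject header arrives RFC 2047 base64-encoded, so a raw string match on "New Order" never fires and the header has to be decoded first. The sample message is constructed from the headers and file name quoted above; the digit patterns and the rule that the subject number reappears in the file name are assumptions generalized from the single variant seen.

```python
import email
import re
from email import policy

# Constructed sample: From, Subject and attachment name are taken from the post;
# the MIME layout, body text and attachment payload are dummies.
SAMPLE = (
    b"From: Replacement Keys <admin@replacementkeys.co.uk>\r\n"
    b"Subject: =?utf-8?B?TmV3IE9yZGVyICMgMTAwMTE0MDAw?=\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b1"\r\n'
    b"\r\n"
    b"--b1\r\n"
    b"Content-Type: text/plain\r\n\r\n"
    b"Order Received!\r\n"
    b"--b1\r\n"
    b"Content-Type: application/vnd.ms-excel\r\n"
    b'Content-Disposition: attachment; filename="INVOICEPaid_100114000.xls"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

# Assumed patterns (hypothetical rule, generalized from the one sample on this page).
SUBJECT_RE = re.compile(r"^New Order # (\d+)$")
ATTACH_RE = re.compile(r"^INVOICEPaid_(\d+)\.xls$", re.IGNORECASE)

def check_message(raw: bytes) -> dict:
    """Decode the subject, list attachment names, and test them against the lure pattern."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    # policy.default decodes RFC 2047 encoded-words when the header is read.
    subject = str(msg["Subject"] or "").strip()
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    subj = SUBJECT_RE.match(subject)
    hits = [m for m in map(ATTACH_RE.match, names) if m]
    # Assumption: the order number in the subject is reused in the file name.
    same_number = bool(subj) and any(m.group(1) == subj.group(1) for m in hits)
    return {"subject": subject, "attachments": names, "match": same_number}

if __name__ == "__main__":
    print(check_message(SAMPLE))
```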
