Dynamoo's Blog: Malware spam: "More scans" / admin / DOC201114-201114-001.DOC

Tuesday, 19 January 2016

Malware spam: "More scans" / admin / DOC201114-201114-001.DOC

This fake scanned document appears to come from admin@ the victim's own domain. There is no body text in the email.

From:    admin [admin@victimdomain.tld]
Date:    19 January 2016 at 09:42
Subject:    More scans

I have seen just a single sample with a document named DOC201114-201114-001.DOC which has a detection rate of 4/53 and which according to this Malwr report downloads from:

www.cnbhgy.com/786585d/08g7g6r56r.exe

This download location was used in this earlier spam run but the payload has now changed, however it is still the Dridex banking trojan.

4 comments:

Unknown said...: Could you find out the reason for sending the e-mail? I received yesterday in my domain the same mail.; 20 January 2016 at 08:53
Unknown said...: Thanks for this. Received same email this morning and presumed my website had been hacked.; 4 February 2016 at 09:44
pristine said...: I have been receiving numerous emails like this, accidentally opened one of the attachments on my iOS mobile.
any ideas on what to do next?; 17 March 2016 at 13:01
Conrad Longmore said...: @pristine - this impacts Windows-based PCs only, your iPhone thingie should be OK>; 18 March 2016 at 09:52

Dynamoo's Blog

Link List

Sponsored by..

Tuesday, 19 January 2016

Malware spam: "More scans" / admin / DOC201114-201114-001.DOC

4 comments: