Sponsored by..

Thursday 21 January 2016

Malware spam: "statement - payment due" / [accounts@phoenixorganics.ltd.uk]

This fake financial spam does not come from Phoenix Organics Ltd but is instead a simple forgery with a malicious attachment.

From     [accounts@phoenixorganics.ltd.uk]
Date     Thu, 21 Jan 2016 13:09:43 +0300
Subject     statement - payment due

Please can you send a payment to clear the August invoices.

Thank you

Phoenix Organics Ltd
I have only seen one sample of this, with an attachment named Customer statement.doc - this has a VirusTotal detection rate of 2/54 and the Malwr report shows a download from:


This is one of the locations used in this earlier spam run, and it marks it out as being the Dridex banking trojan spammed out by botnet 220.

No comments: