From UKFast Accounts [accounts@ukfast.co.uk]
Date Mon, 11 Jan 2016 11:00:10 +0300
Subject Your latest invoice from UKFast No.1228407

I am unable to determine what the body text is at the moment. In this case, the attachment was named Invoice-1228407.doc and has a VirusTotal detection rate of 3/54. The Malwr report shows that the malicious macro [pastebin] downloads an executable from:

www.vmodal.mx/5fgbn/7tfr6kj.exe

This binary has a detection rate of 2/54 and an MD5 of 3d59b913f823314ca85839b60a9d563a. This Malwr report for the dropped file indicates network traffic to:
114.215.108.157 (Aliyun Computing Co, China)
I strongly recommend that you block traffic to that IP. The payload is the Dridex banking trojan.