Dynamoo's Blog: Malware spam: "Invoice MOJU-0939" / Accounts [message-service@post.xero.com]

Wednesday, 3 February 2016

Malware spam: "Invoice MOJU-0939" / Accounts [message-service@post.xero.com]

This fake financial spam comes with a malicious attachment. It does not come from Moju Ltd but is instead a simple forgery with a malicious attachment:

From:    Accounts [message-service@post.xero.com]
Date:    3 February 2016 at 09:04
Subject:    Invoice MOJU-0939

Hi,

Here's invoice MOJU-0939 for 47.52 GBP. For last weeks delivery.

The amount outstanding of 47.52 GBP is due on 25 Feb 2016.

If you have any questions, please let us know.

Thanks,
Moju Ltd

I have only seen one sample of this, with an attachment named Invoice MOJU-0939.zip containing a malicious script invoice_id4050638124.js that has detection rate of 2/53 and which according to this Malwr report downloads a binary from:

www.ni-na27.wc.shopserve.jp/43rf3dw/34frgegrg.exe

This payload is the same as seen in this concurrent spam run.

2 comments:

Richard C. Lambert said...: This fake financial spam comes with a malicious attachment. It does not come from Moju Ltd but is instead a simple forgery with a malicious attachment:invoice software; 6 February 2016 at 08:04
Unknown said...: I've jad one too its an invoice for a hotel in Amsterdam it's for £227 and it'sstart a with INVO- then the invoice number and hotel name can u please gee as ita addressed to me but has even sent to my mums email address thanks; 20 December 2016 at 20:03

Dynamoo's Blog

Link List

Sponsored by..

Wednesday, 3 February 2016

Malware spam: "Invoice MOJU-0939" / Accounts [message-service@post.xero.com]

2 comments: