From Kelly Pegg [kpegg@responserecruitment.co.uk]
Date Mon, 15 Feb 2016 13:15:37 +0200
Subject Invoice (w/e 070216)
Good Afternoon
Please find attached invoice and timesheet.
Kind Regards
Kelly
Attached is a file SKM_C3350160212101601.docm which comes in several different variants. The macro in the document attempts to download a malicious executable from:
216.158.82.149/09u8h76f/65fg67n
sstv.go.ro/09u8h76f/65fg67n
www.profildigital.de/09u8h76f/65fg67n
This dropped a malicious executable with a detection rate of 6/54 which, according to these automated analysis tools [1] [2], calls home to:
5.45.180.46 (B & K Verwaltungs GmbH, Germany)
I strongly recommend that you block traffic to that address. The payload is the Dridex banking trojan.
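An added example, not part of the original post: a triage pass over web-proxy logs that separates clients whose macro fetched the downloader URL from clients that also contacted the call-home address. The log format, client addresses and sample lines are constructed for illustration; the indicators are the ones listed above.

```python
from urllib.parse import urlsplit

# Indicators taken from the post above.
DOWNLOAD_HOSTS = {"216.158.82.149", "sstv.go.ro", "www.profildigital.de"}
DOWNLOAD_PATH = "/09u8h76f/65fg67n"
C2_IP = "5.45.180.46"

# Constructed sample log, hypothetical format: time client method url dest_ip
SAMPLE_LOG = """\
2016-02-15T11:20:01Z 10.0.0.21 GET http://sstv.go.ro/09u8h76f/65fg67n 192.0.2.10
2016-02-15T11:20:09Z 10.0.0.21 POST http://5.45.180.46/ 5.45.180.46
2016-02-15T11:22:40Z 10.0.0.35 GET http://www.profildigital.de/09u8h76f/65fg67n 192.0.2.11
2016-02-15T11:25:13Z 10.0.0.40 GET http://www.profildigital.de/index.html 192.0.2.11
malformed line
"""

def triage(log_text):
    """Return {client: set of stages seen}, stages being 'download' and 'c2'."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        _, client, _, url, dest_ip = fields
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
        if host in DOWNLOAD_HOSTS and parts.path == DOWNLOAD_PATH:
            hits.setdefault(client, set()).add("download")
        if dest_ip == C2_IP or host == C2_IP:
            hits.setdefault(client, set()).add("c2")
    return hits

def report(hits):
    """Rank clients: a call-home means the payload ran, not just the macro."""
    rows = []
    for client, stages in sorted(hits.items()):
        if "c2" in stages:
            verdict = "payload likely running: isolate the host"
        else:
            verdict = "macro ran: confirm the download was blocked"
        rows.append((client, verdict))
    return rows

if __name__ == "__main__":
    for client, verdict in report(triage(SAMPLE_LOG)):
        print(client, "->", verdict)
```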
1 comment:
If I opened this and it saved what can it do? Thanks