
Monday, 1 February 2016

Malware spam: "Order Processed." / NoReply-Duration Windows [noreply@duration.co.uk]

This fake order-confirmation spam does not come from Duration Windows but is instead a simple forgery with a malicious attachment:

From     NoReply-Duration Windows [noreply@duration.co.uk]
Date     Mon, 01 Feb 2016 04:21:03 -0500
Subject     Order Processed.

Dear Customer,

Please find details for your order attached as a PDF to this e-mail.

Regards,
Duration Windows
Sales Department

___________________________________________________________

This email has been scanned by FilterCloud Email Security.
For more information please visit http://filtercloud.co.uk

I have only seen a single sample of this spam, with an attachment V9568HW.doc that has a detection rate of 5/54.

Analysis of the attachment is pending; however, this is likely to be the Dridex banking trojan.

UPDATE

The Malwr analysis shows that the document downloads a malicious executable from:

www.peopleond-clan.de/u56gf2d/k76j5hg.exe

This has a VirusTotal detection rate of 4/54, and those reports plus this Hybrid Analysis show it phoning home to:

185.24.92.236 (System Projects LLC, Russia)

I strongly recommend that you block traffic to that IP.
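To turn the indicators above into something you can run against proxy logs, here is an added example (my own code, not part of the original post) that flags hits on the download host, the C2 IP and the payload path. Matching on the path as well as the host is a deliberate generalisation: the same /u56gf2d/k76j5hg.exe path would catch the payload served from a mirror domain. The log lines are constructed for the example in a Squid-like "timestamp client method url status" layout and are not real traffic.

```python
import re

# Indicators from the post: the payload download host and the C2 address.
IOC_HOSTS = {"www.peopleond-clan.de"}
IOC_IPS = {"185.24.92.236"}
# The payload path; matching on it alone catches mirrors on other domains.
IOC_PATH = re.compile(r"/u56gf2d/k76j5hg\.exe$", re.IGNORECASE)

# Constructed sample log (not real traffic): timestamp client method url status.
# The last two lines are a mirror host (assumed) and a near-miss IP that must
# NOT fire, to show the match is exact rather than a substring test.
SAMPLE_LOG = """\
1454319722.117 10.0.0.14 GET http://www.example.com/index.html 200
1454319745.401 10.0.0.22 GET http://www.peopleond-clan.de/u56gf2d/k76j5hg.exe 200
1454319760.233 10.0.0.22 POST http://185.24.92.236/ 200
1454319801.019 10.0.0.31 GET http://mirror.example.net/u56gf2d/k76j5hg.exe 200
1454319850.777 10.0.0.14 GET http://185.24.92.2/ 200
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<status>\d+)"
)
URL_RE = re.compile(
    r"^(?P<scheme>https?)://(?P<host>[^/:\s]+)(?::(?P<port>\d+))?(?P<path>/[^\s?#]*)?"
)


def classify(url):
    """Return the list of indicator names the URL hits (empty if clean)."""
    m = URL_RE.match(url)
    if not m:
        return []
    host = m.group("host").lower()
    path = m.group("path") or "/"
    hits = []
    if host in IOC_HOSTS:
        hits.append("download-host")
    if host in IOC_IPS:
        hits.append("c2-ip")
    if IOC_PATH.search(path):
        hits.append("payload-path")
    return hits


def scan_log(text):
    """Return (client, url, hits) for every log line that matches an indicator."""
    alerts = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash on them
        hits = classify(m.group("url"))
        if hits:
            alerts.append((m.group("client"), m.group("url"), hits))
    return alerts


if __name__ == "__main__":
    for client, url, hits in scan_log(SAMPLE_LOG):
        print(f"{client} {url} -> {', '.join(hits)}")
```

A client that hits both the download host and then the C2 IP (10.0.0.22 in the sample) has almost certainly executed the payload and should be treated as infected, not just as having opened a phishing mail. Blocking the IP at the perimeter, as recommended above, is the complement to this retrospective check.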

1 comment:

Nyebodnye said...

also iamnickrobinson.com/u56gf2d/k76j5hg.exe