From: CardiffC&MFinance [CardiffC&MFinance@centrica.com]
Date: 24 February 2016 at 09:09
Subject: VAT Invoice - Quote Ref: ES0142570
Good Afternoon,Please find attached a copy of the VAT invoice as requested.RegardsTracy Whitehouse
Finance TeamBritish Gas Business| Floor 1| 4 Callaghan Square| Cardiff| CF10 5BT
____________________________________________________________ _________
The information contained in or attached to this email is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, or a person responsible for delivering it to the intended recipient, you are not authorised to and must not disclose, copy, distribute, or retain this message or any part of it. It may contain information which is confidential and/or covered by legal professional or other privilege (or other rules or laws with similar effect in jurisdictions outside England and Wales).
The views expressed in this email are not necessarily the views of Centrica plc, and the company, its directors, officers or employees make no representation or accept any liability for its accuracy or completeness unless expressly stated to the contrary.
PH Jones is a trading name of British Gas Social Housing Limited. British Gas Social Housing Limited (company no: 01026007), British Gas Trading Limited (company no: 03078711), British Gas Services Limited (company no: 3141243), British Gas Insurance Limited (company no: 06608316), British Gas New Heating Limited (company no: 06723244), British Gas Services (Commercial) Limited (company no: 07385984) and Centrica Energy (Trading) Limited (company no: 02877397) are all wholly owned subsidiaries of Centrica plc (company no: 3033654). Each company is registered in England and Wales with a registered office at Millstream, Maidenhead Road, Windsor, Berkshire SL4 5GD.
British Gas Insurance Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. British Gas Services Limited and Centrica Energy (Trading) Limited are authorised and regulated by the Financial Conduct Authority. British Gas Trading Limited is an appointed representative of British Gas Services Limited which is authorised and regulated by the Financial Conduct Authority.
In the only sample I have seen before, there is an attached file named archive-0910001923884.docm which has a VirusTotal detection rate of 3/52. Analysis of this document is pending, but it is likely to drop either the Dridex banking trojan or Locky ransomware.
UPDATE 1
The Hybrid Analysis of the document plus the VirusTotal scan of the dropped EXE look like Dridex. The download location for that document was:
skropotov.ru/system/logs/87h754.exe
C2 to block:
80.86.91.232 (PlusServer, Germany)
UPDATE 2
The comments on this VT report indicate other download locations:
school62.dp.ua/new_year/balls/87h754.exe
skropotov.ru/system/logs/87h754.exe
designis.com.ua/admin/images/87h754.exe
armo.sk/system/logs/87h754.exe
eyesquare.tn/system/logs/87h754.exe
No comments:
Post a Comment