From Gary Atkinson [Gary@garrardwindows.co.uk]Attached is a file 20121005154449756.zip which contains a randomly-named script. I have seen two samples so far (VirusTotal results [1] [2]). The Malwr reports [3] [4] show the script downloads from the following locations:
Date Tue, 08 Mar 2016 12:09:33 +0300
Subject Emailing: 20121005154449756
Please find attached document as requested.
jatukarm-30.com/9uj8n76b5.exe
stopmeagency.free.fr/9uj8n76b5.exe
The downloaded binary appears to be Dridex and is the same as found in this spam run.
No comments:
Post a Comment