From: Booth.Garth19@idsbangladesh.net.bd
Date: 17 March 2016 at 09:17
Subject: Remittance Adivce
Please find attached a remittance advice for payment made yo you today.
Please contact the accounts team on 020 2286 7847 or via reply email for any queries regarding this payment.
Kind Regards
Garth Booth
Sender names, contact number and attachment names vary, but I have seen just a single variant of the attachment with a VirusTotal detection rate of 1/55. The Malwr report for this sample sees a download from:
bakery.woodwardcounseling.com/michigan/map.php
This download location is almost certainly completely malicious, and is hosted at:
217.12.199.94 (ITL, Ukraine)
This dropped file has a detection rate of 3/56. That VirusTotal report and this Malwr report indicate network traffic to:
38.64.199.33 (PSINet, Canada)
188.93.239.28 (DotSi, Portugal)
The payload is uncertain, but it could be the Dridex banking trojan.
UPDATE
The DeepViz analysis also shows traffic to:
85.17.155.148 (Leaseweb, Netherlands)
Recommended blocklist:
217.12.199.94
38.64.199.33
188.93.239.28
85.17.155.148
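To turn the blocklist above into something actionable, here is an added example (not from the original post) that loads the four IPs and the download host as indicators and sweeps them across web-proxy logs. The log format and the sample lines are constructed for the example; the only real values are the indicators quoted from this post.

```python
import ipaddress
import re
from typing import Dict, Iterable, List, Set
from urllib.parse import urlparse

# Indicators taken from the post above.
BLOCKLIST_IPS: Set[str] = {
    "217.12.199.94",   # download host (ITL, Ukraine)
    "38.64.199.33",    # C2 traffic (PSINet, Canada)
    "188.93.239.28",   # C2 traffic (DotSi, Portugal)
    "85.17.155.148",   # C2 traffic from the DeepViz analysis (Leaseweb, Netherlands)
}
MALICIOUS_HOSTS: Set[str] = {"bakery.woodwardcounseling.com"}

# Constructed proxy log lines in an assumed format:
#   <timestamp> <client-ip> <method> <url> <status> <destination-ip>
# Only the first, third and fourth lines touch one of the indicators.
SAMPLE_LOG = """\
2016-03-17T09:21:03Z 10.0.0.15 GET http://bakery.woodwardcounseling.com/michigan/map.php 200 217.12.199.94
2016-03-17T09:21:04Z 10.0.0.15 GET http://www.example.org/index.html 200 93.184.216.34
2016-03-17T09:21:09Z 10.0.0.15 POST http://38.64.199.33:8080/ 200 38.64.199.33
2016-03-17T09:25:41Z 10.0.0.22 GET http://example.net/ 200 85.17.155.148
2016-03-17T09:26:00Z 10.0.0.31 GET https://example.com/ 200 198.51.100.7
"""

LOG_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<method>[A-Z]+)\s+"
    r"(?P<url>\S+)\s+(?P<status>\d{3})\s+(?P<dst>\S+)$"
)


def load_blocklist(entries: Iterable[str]) -> Set[str]:
    """Normalise a blocklist, skipping blanks, comments and malformed addresses."""
    valid: Set[str] = set()
    for entry in entries:
        entry = entry.strip()
        if not entry or entry.startswith("#"):
            continue
        try:
            valid.add(str(ipaddress.ip_address(entry)))
        except ValueError:
            continue  # not an IP address; ignore rather than abort the whole load
    return valid


def scan_log(text: str, blocklist: Set[str] = None, hosts: Set[str] = MALICIOUS_HOSTS) -> List[Dict[str, str]]:
    """Return one record per log line that contacts a blocklisted IP or host."""
    blocklist = BLOCKLIST_IPS if blocklist is None else blocklist
    hits: List[Dict[str, str]] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line; a real deployment would count these
        url_host = urlparse(m["url"]).hostname or ""
        reasons: List[str] = []
        if m["dst"] in blocklist:
            reasons.append("dst-ip:" + m["dst"])
        if url_host in hosts:
            reasons.append("host:" + url_host)
        elif url_host in blocklist:  # URL written with a bare IP instead of a hostname
            reasons.append("url-ip:" + url_host)
        if reasons:
            hits.append({"ts": m["ts"], "client": m["client"], "url": m["url"], "reasons": ",".join(reasons)})
    return hits


def affected_clients(hits: List[Dict[str, str]]) -> List[str]:
    """Sorted list of internal clients that need triage for the attachment."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for h in found:
        print(h["ts"], h["client"], h["url"], h["reasons"])
    print("clients to triage:", affected_clients(found))
```

Matching on both the destination IP and the URL host catches the case where the proxy resolved the name to a different address than the one recorded here, and the separate `url-ip` reason flags direct-to-IP requests, which are themselves worth a look on most corporate networks.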