From: TranI have only seen a single copy of this, it is likely that the company name will vary from email to email. The attachment due #46691848.doc has a VirusTotal detection rate of 5/56. According to this Malwr report it downloads a file from:
Reply-To: Tran, Reuben - ADVANCED ONCOTHERAPY PLC [TranReuben1322@telecom.kz]
Date: 13 April 2016 at 16:24
Subject: Past Due 04 13 2016 - ADVANCED ONCOTHERAPY PLC
Good morning,
Please advise status on these
If shipped, please send invoice & tracking
---------------------------------------------
CONFIDENTIALITY NOTICE: This e-mail, including any attachments and/or linked documents, is intended for the sole use of the intended addressee and may contain information that is privileged, confidential, proprietary, or otherwise protected by law. Any unauthorized review, dissemination, distribution, or copying is prohibited. If you have received this communication in error, please contact the original sender immediately by reply email and destroy all copies of the original message and any attachments. Please note that any views or opinions presented in this e-mail are solely those of the author and do not necessarily represent those of Xylem Inc.
mgmt.speraelectric.info/flows/login.php
Right at the moment this is just a copy of the Windows Calculator and is harmless, but the payload could be switched later to something more malicious, probably Locky ransomware or the Dridex banking trojan.
1 comment:
- https://malwr.com/analysis/ZmM0ZThlZjg2M2I3NDRlZmI1YmVlNzY3NzdhZjY1ZTg/
Hosts
85.93.146.3: https://www.virustotal.com/en/ip-address/85.93.146.3/information/
>> https://www.virustotal.com/en/url/657b9fdee11240b9cf91855b1572a9c623e626c17bbb98b832516962e9c8a820/analysis/
//
Post a Comment