Tuesday, 23 December 2014

Dawn Early ADP Invoice malware

 A zipped malware run has just started...


From: "Dawn.Early@adp.com" Dawn.Early@adp.com
Date: Thu, 24 Jul 2014 09:38:34 GMT
Subject: ADP Invoice for week ending 12/21/2014


Your most recent ADP invoice is attached for your review.

If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.

Thank you for choosing ADP for your business solutions.

Important: Please do not respond to this message. It comes from an unattended mailbox.


The Attachment in this example is:  invoice_41298491.zip, which actually has a executable called
invoice_41298491.scr inside it.

MD5 hash and VirusTotal Report: [9c325ce702a2ed871bab947b828f6ae5]

The Anubis report can be found here [Anubis]


Cheers,

Steve
Sanesecurity.com

No comments: