Monday, 15 December 2014

doc macro malware: IFS Applications vitacress.co.uk

Looks like another document containing macro malware has begun to be spammed out...

Date: Mon, 15 Dec 2014 04:45:32 -0300
From: IFS Applications
Subject: DOC-file for report is ready

The DOC-file for report Payment Advice is ready and is attached in this mail.
 

Payment Advice_593016.doc

41c4dd8ed6597723155aae653ad6a1e8
627de756499c17062a994351cc6388bd

VirusTotal reports no anti-virus software picking it up :(

Sanesecurity ClamAV signatures are blocking this one though using...

Sanesecurity.Malware.24646.DocHeur.UNOFFICIAL FOUND (phish.ndb)
Sanesecurity.Rogue.0hr.20141215-0816.UNOFFICIAL FOUND (rogue.hdb)

Current Malwr report here shows malware contacting host 74.125.28.139

Decoded macro here (Pastebin)

Cheers,

Steve
Sanesecurity.com
