Jason Bracegirdle JPS Projects Ltd - Summary Paid Against - {jason.bracegirdle@jpsprojectsltd.co.uk}

Summary Paid Against - Jason Bracegirdle JPS Projects Ltd - Copy of Weekly Summary {jason.bracegirdle@jpsprojectsltd.co.uk} macro based malware being spammed out.

The Word document has a random attachment, however these emails aren't from JPS Projects Ltd  at all, they just being used to make the email look more genuine, ie. from a real company.

It's also worth remembering that the company itself  may not have any knowledge of this attachment as it won't have come from their servers and IT systems. They may not be able to tell you if it's malware or even help clean up your system.

Message Header:

From: "Jason Bracegirdle JPS Projects Ltd" {jason.bracegirdle@jpsprojectsltd.co.uk} Subject: Summary Paid Against Date: Mon, 12 Jan 2015 20:47:34 +0900

Message Body:

Please find attached summary which was paid against Jas Jason Bracegirdle  Managing Director M: 07912 883455 O: 02031 741416 F: 02030 700632 E:  jason.bracegirdle@jpsprojectsltd.co.uk W:  www.jpsprojectsltd.co.uk Manchester 402 Chaddck Lane Astley Manchester M29 7JS London Unit 9, Bunns Lane Works, Bunns Lane, Mill Hill, London NW7 2AJ This e-mail is confidential and is intended solely for the use of the individual or entity to whom it is addressed. If you are not the intended recipient and you have received this e-mail in error then any use, dissemination, forwarding, printing or copying of this e-mail is strictly prohibited. You should contact the sender by return e-mail and delete and destroy all the information from your system. Any views or opinions presented are solely those of the author and do not necessarily represent those of JPS. This email does not form part of a legally binding agreement. We have taken precautions to minimise the risk of transmitting software viruses or trojans, but we advise that you carry out your own virus checks on any attachments to this message. We cannot accept liability for any loss or damage caused to your software, hardware or system. More information about JPS can be found at our website at: http://www.jpsprojectsl

Attachment:

Copy of Weekly Summary 28 12 2014 w.e 28.12.14.doc

Md5 Hashes:

030bbc1dc435a612d4ed7a049470ddb5 4cbc955ea75fa3edff0f73c2ca859119

Malware Macro document information:

VirusTotal Report [1] (hits 0/56 Virus Scanners) VirusTotal Report [2] (hits 0/56 Virus Scanners) Malwr Report [1] Decoded Macro [1]

Sanesecurity signatures are blocking this as: Sanesecurity.Malware.24679.DocHeur.

NOTE The current round of Word and Excel attachments are targeted at Windows users. Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment. The auto-download file is normally a windows executable and so will not currently run on  any operating system, apart from Windows. However, if you are an Apple/Android user and forward the message to a Windows user, you will them put them at risk of opening the attachment and auto-downloading the malware. Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screens hots or copying information from your clipboard (copy/paste))

Cheers,

Steve

Sanesecurity.com