Monday, 9 March 2015

Statement from MARKETING & TECHNOLOGY GROUP, INC

An email titled "Statement from MARKETING & TECHNOLOGY GROUP, INC" (mtgmediagroup.com) is being spammed with an attachment containing a zip file.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. from a real company.

Note: It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header: (Note: Reference is random)

From: "TECHNOLOGY GROUP" {rwilborn@mtgmediagroup.com}
Subject: Statement from MARKETING & TECHNOLOGY GROUP, INC.
Message Body:
Dear Customer :

Your statement is attached.  Please remit payment at your
earliest convenience.

Thank you for your business - we appreciate it very
much.

Sincerely,

MARKETING & TECHNOLOGY GROUP, INC.
Attachment:
docs2015.zip

Inside the Zip is a Windows Executable:
ddocs2015.exe
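
The attachment pattern described here (a zip that holds a Windows executable) can be checked at the mail gateway or during triage. The following is an added example, not part of the original post: it parses a raw message, opens zip attachments by content, and flags members that start with the MZ header or carry an executable extension. The sample message, the file names and the `build_sample` / `scan_message` function names are constructed for illustration.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly; a "statement" has no reason to be one.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")

def build_sample() -> bytes:
    """Constructed sample: inert bytes with an MZ prefix, zipped and attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("statement.exe", b"MZ" + b"\x00" * 62)  # not a real program
    msg = EmailMessage()
    msg["Subject"] = "Statement"
    msg.set_content("Your statement is attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="statement.zip")
    return msg.as_bytes()

def scan_message(raw: bytes) -> list:
    """Return one finding per executable found inside a zip attachment."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Decide by content, not by the filename or MIME type the sender chose.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                encrypted = bool(info.flag_bits & 0x1)  # unreadable: judge by name only
                body = b"" if encrypted else zf.read(info)
                by_magic = body[:2] == b"MZ"  # DOS/PE header
                by_ext = info.filename.lower().endswith(EXECUTABLE_EXTS)
                if by_magic or by_ext:
                    findings.append({
                        "attachment": part.get_filename(),
                        "member": info.filename,
                        "reason": "MZ header" if by_magic else "extension",
                        "sha256": None if encrypted else hashlib.sha256(body).hexdigest(),
                    })
    return findings

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

The SHA-256 in each finding can be compared against published hashes such as the one listed below. A production version should cap the member size before reading it.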


Sha256 Hashes:
1b893ca3b782679b1e5d1afecb75be7bcc145b5da21a30f6c18dbddc9c6de4e7 [1]

Malware Macro document information:
VirusTotal Report [1] (hits 1/57 Virus Scanners)


Malwr Report [1]

Hybrid Analysis Report [1]
Cheers,
Steve

3 comments:

Anonymous said...

Just got one of these spam mails through Hotmail web service, thanks for the info. ☺

Anonymous said...

I got one too. They are obtaining email addresses through our website contact info.

I know that these are fraudulent and would not open them. What happens when someone does open them?
Bad doodoo viruses?

Anonymous said...

I got one of these on a forwarding email address only given to one Company to email me about their services which they do from time to time. Then I started to get spam, can you please explain how this works.