Wednesday, 11 March 2015

STATEMENT MELLON GROUP OF COMPANY Lian Khong StatementCopy-20733.doc

An email with the subject "STATEMENT", claiming to come from Lian Khong of MELLON GROUP OF COMPANY, is being spammed with an attachment, StatementCopy-20733.doc, which is a Word document file.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header:


Subject: STATEMENT
From: "Lian Khong" {dubaishiment0943@gmail.com}
Message Body:
Good Day,
We made payment already and attach is the bank slip for confirmation.
Please do revert back ASAP with all necessary documents and BL


Regards.
Lian Khong

MELLON GROUP OF COMPANY
Mellon Contact Services
74A, Pireos str.
18547, Piraeus, Greece
Tel.: +30 210 3360001
www.mellongroup.com
Attachment:
StatementCopy-20733.doc

Sha256 Hashes:
f007f011b4dbc63339db692e1b35f99570e93f06e32e52f049e29445701b5586  [1]

Malware Macro document information:
VirusTotal Report [1] (hits 18/56 Virus Scanners)

Malwr Report [1]

Summary:
  • Steals private information from local Internet browsers
  • Connects to an IRC server, possibly part of a botnet
  • Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]
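
As an added example (not part of the original post and not the author's code), this Python sketch triages a message like the one above: it flags a free-webmail sender whose body signature names a company domain, an Office attachment, and an attachment whose SHA-256 matches the hash listed in this post. The message is constructed from the header and body shown above with placeholder attachment bytes; the function names, the webmail list and the extension list are assumptions.

```python
import hashlib
import re
from email.message import EmailMessage
from email.utils import parseaddr

# SHA-256 listed in this post for StatementCopy-20733.doc
IOC_SHA256 = {"f007f011b4dbc63339db692e1b35f99570e93f06e32e52f049e29445701b5586"}
FREE_WEBMAIL = {"gmail.com"}                     # assumption: extend with your own list
OFFICE_EXT = (".doc", ".docm", ".xls", ".xlsm")  # assumption: macro-capable types
PLACEHOLDER = b"placeholder bytes, not the real sample"  # constructed


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample() -> EmailMessage:
    """Constructed message mirroring the header and body quoted in the post."""
    msg = EmailMessage()
    msg["Subject"] = "STATEMENT"
    msg["From"] = '"Lian Khong" <dubaishiment0943@gmail.com>'  # angle brackets as in a real header
    msg.set_content("Good Day,\nWe made payment already and attach is the bank slip.\n\n"
                    "MELLON GROUP OF COMPANY\nwww.mellongroup.com\n")
    msg.add_attachment(PLACEHOLDER, maintype="application", subtype="msword",
                       filename="StatementCopy-20733.doc")
    return msg


def triage(msg: EmailMessage, ioc_hashes=IOC_SHA256) -> list:
    """Return a list of findings for one parsed message."""
    findings = []
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    claimed = {d.lower() for d in re.findall(r"www\.([a-z0-9.-]+\.[a-z]{2,})", text, re.I)}
    if sender_domain in FREE_WEBMAIL and claimed and sender_domain not in claimed:
        findings.append("webmail-sender-claims-company")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXT):
            findings.append("office-attachment")
        if sha256_hex(part.get_payload(decode=True) or b"") in ioc_hashes:
            findings.append("known-bad-hash")
    return findings


if __name__ == "__main__":
    print(triage(build_sample()))
```

The placeholder attachment does not hash to the listed value, so the hash finding only appears when the real sample's bytes are present or the placeholder's hash is added to the set.
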
Cheers,
Steve
