Friday, 29 January 2016

Despatch Note FFGDES34309 Foyle Food Group Limited

Description:


Despatch Note FFGDES34309 Foyle Food Group Limited macro malware

Headers:

From: Foyle Food Group Limited {accounts@foylefoodgroup.com}
Subject: Despatch Note FFGDES34309

Message Body:

Please find attached Despatch Note FFGDES34309

Attachment filename(s):


FFGDES34309.doc

Sha256 Hashes:


03d4676d6b9459ebde4e49406b681291b62093862b6b70e82ee36814ae3eb380 [1]
a7373d7df306a0a23fd99ce583e3f58edd0694c96134258325b21272597d63b9 [2]
0948b607da8e1dbfb5f235c9005d634afdf477a2ee9e8e344ccf445f41b195dc [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 4/55)
VirusTotal Report: [2] (detection 4/55)
VirusTotal Report: [3] (detection 4/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Doc.cu1

Important notes:


Am I Safe?

The current round of Word/Excel/XML/Docm attachments is targeted at Windows and Microsoft Office users.

Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these attachments will be safe. LibreOffice and OpenOffice users should also be safe, but do not enable macros if asked to by the attached file.

If you have macros disabled in Microsoft Word or Microsoft Excel, you should be safe, but again,
do not enable macros if asked to by the attached file.

However, if you are an Apple (Mac/iPhone/iPad), Android or Blackberry mobile/tablet user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.

These Word/Excel attachments normally try to download either...

    Dridex banking trojan,
    Shifu banking trojan

... both of which are designed to steal login information for your bank accounts, either by
key logging, taking screenshots or copying information directly from your clipboard (copy/paste).


It's also worth remembering that the company itself may not have any knowledge of this faked email, and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external botnet.

These botnet emails normally have faked email headers/addresses.

It's not advised to ring/email the company themselves, as there won't really be anything they can do to help you or to stop the emails being spread.



Cheers,
Steve

Thursday, 28 January 2016

Lesley Mawson PAYMENT CONFIRMATION PAYMENT VOUCHER.DOC

Description:


Lesley Mawson PAYMENT CONFIRMATION PAYMENT VOUCHER.DOC macro malware

Headers:

From: "Lesley Mawson" {LMawson@agrin.co.uk}
Subject: PAYMENT CONFIRMATION

Message Body:

For the attention of the accounts department.

Please find attached a copy of our payment to you.

Kind regards
Lesley


Lesley Mawson

A.I.P. Ltd
9 Wassage Way, Hampton Lovett Ind Estate, Droitwich. WR9 0NX

Attachment filename(s):


PAYMENT VOUCHER.DOC

Sha256 Hashes:


f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a [1]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 2/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Doc.exetmp

Cheers,
Steve

Hayley Stoakes Invoice macro malware

Description:


Hayley Stoakes Invoice macro malware

Headers:


From: "Hayley Stoakes" {hayley@whirlowdale.com}
Subject: Invoice

Message Body:

Thank you for your order.  Your Invoice - 96413 - is attached.

Attachment filename(s):


96413.DOC


Sha256 Hashes:


45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a [1]
f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a [2]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 2/55)
VirusTotal Report: [2] (detection 2/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Doc.exetmp

Cheers,
Steve

IKEA Purchase Order [2001800526]

Description:


IKEA Purchase Order  [2001800526] macro malware

Headers:


From: order@ibxplatform.com
Subject: IKEA Purchase Order  [2001800526]

Message Body:

This message contains a Purchase Order from IKEA. If you have any questions regarding this Purchase Order and its contents, we kindly ask you to contact your customer directly.
If this message is incomplete or not readable, feel free to refer to our contact details below.
Please do not reply to this message!


Diese Nachricht enthält eine Bestellung  von IKEA. Bitte nehmen Sie Kontakt mit dem Kunden direkt auf, sollten Fragen zum Inhalt dieser Bestellung bestehen.
Sollte diese Nachricht unvollständig oder nicht lesbar sein, bitten wir Sie sich an den unten genannten Kontakt zu wenden.
Bitte antworten Sie nicht auf diese Nachricht!


Este mensaje contiene una Orden de Compra de IKEA. Póngase en contacto con el cliente directamente si tiene alguna pregunta respecto a la Orden de Compra y su contenido.
Si este mensaje está incompleto o no leíble, siga nuestros detalles de contactos en la parte inferior.
Por favor no responda este mensaje.


Ce message contient un bon de commande de la société IKEA. Pour toutes questions concernant cette commande ou son contenu, nous vous prions de bien vouloir contacter votre client directement.
Si ce message est incomplet ou si vous avez des difficultés à le lire, n'hésitez pas à nous contacter avec les coordonnées ci-dessous.
Veuillez ne pas répondre à ce message s'il vous plaît !


Detta meddelande innehåller en inköpsorder ifrån IKEA, vänligen kontakta din kund direkt om du har några frågor angående inköpsordern och dess innehåll.
Om det här meddelandet är ofullständigt eller oläsligt, kontakta oss på nedanstående adress eller telefonnummer.
Vänligen svara ej på detta meddelande!
Kind regards,

IBX Service Desk
Capgemini BPO | IBX Business Network | Sweden                                
Gustavslundsvägen 131, SE-167 51 Bromma, Sweden                            
Postal Address: BOX 825, SE-167 24 Bromma, Sweden                           
Internet: www.capgemini.com/procurement | www.ibxplatform.com | www.ehandelsplattformen.no

Support Email: support@ibxplatform.com

Toll free:
Austria     0800.295.265        Norway            800.167.57
Brazil        08000 380 599        Sweden            020.313.200
Denmark     808.89.961            United Kingdom    080.8234.9169
Finland     0800.114.671        USA                866.8236.518
Germany     0800.181.1539        India            0008001008811

Not toll free:
International     +46 8 5648.9600

Attachment filename(s):


Purchase_Order_Number__2001800526.doc


Sha256 Hashes:


45f8c1de7d25c8a24246943ae194cb692add12efaab12d2689aa7a47e7d6b46a [1]
f92337d3097225f9c70dcc1d9064dee66a620f65c890139d4ac06efdc45e7e2a [2]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 2/55)
VirusTotal Report: [2] (detection 2/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Doc.exetmp

Cheers,
Steve

Wednesday, 27 January 2016

Enterprise Invoices No. macro malware

Description:


Enterprise Invoices No. macro malware

Headers:



Subject: Enterprise Invoices No.65698

Message Body:

Please find attached invoice/s from
Enterprise Security Distribution (South West) Limited
Unit 20, Avon Valley Business Park
St Annes Road
St Annes
Bristol
BS4 4EE

Corina Wilkerson
Accountant
Tel: 0117 977 5373

Attachment filename(s):


scan-hpC4D6A@kichkas.net_7399292.xls


Sha256 Hashes:


0fc743807ff0fcce578947faa3f29b24f5ad632bfc5b3af582d2ea2a270c8599 [1]
378bd2fe58b2fb7cae6ee9168087b53bb9ea371f132f3d8304fc78cdff2758f1 [2]
4d4bb2cd6843832f37926855d419c346d07161baed97a8a882c54ef16e69d137 [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 0/55)
VirusTotal Report: [2] (detection 0/55)
VirusTotal Report: [3] (detection 0/55)

Sanesecurity Signature detection:

phish.ndb: Sanesecurity.Malware.25962.XmlHeurGen

Cheers,
Steve

Dawn Salter Invoice 9210.doc

Description:


Dawn Salter Invoice 9210.doc macro malware

Headers:


From: Dawn Salter {dawn@mrswebsolutions.com}
Subject: Invoice 9210

Message Body:

Good afternoon

I hope all is good with you.

Please see attached invoice 9210.

Kind regards

Dawn
Dawn Salter
Office Manager

Tel: +44 (0)1252 616000 / +44 (0)1252 622722
DDI: +44 (0)1252 916494
Web: www.mrswebsolutions.com
1 Blue Prior Business Park, Church Crookham, Fleet, Hants, GU52 0RJ

Attachment filename(s):


9210.doc


Sha256 Hashes:


a8bfefc9496bc1878947f85d9564b9fc84b56a6dd2e90c7ca58759a6f8625a54 [1]
d7cefbfcfc5af2529683b156f7afe5c88cac653009f9b30fd7663f9a27dabcc3 [2]
ea62fe423a2f7f97bb93990bc42664b54e09af054fd167fa2e0fd781f265a333 [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 2/55)
VirusTotal Report: [2] (detection 2/55)
VirusTotal Report: [3] (detection 2/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Doc.vbfexe

Cheers,
Steve

Michelle Ludlow New Order doc4502094035.doc

Description:


Michelle Ludlow New Order doc4502094035.doc macro malware

Headers:


From: Michelle Ludlow {Michelle.Ludlow@dssmith.com}
Subject: New Order

Message Body:

Hi

Please see attached for tomorrow.

Thanks

Michelle Ludlow
Customer Services Co-Ordinator - Packaging Services
Packaging Division
Dodwells Road, Hinckley LE10 3BX, United Kingdom
T +44 (0)1455 892939 F  +44 (0)1455 892924

Attachment filename(s):


doc4502094035.doc


Sha256 Hashes:


6ecc8c79c0f1d4579ac9e68aeeb538199b835a8f27d51643b85a386daa5ff33c [1]
f4b65dc842ba7353e4b13211f5474d0841ef98152f1c9ab208681b25365d775e [2]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 4/55)
VirusTotal Report: [2] (detection 4/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Doc.cu1

Cheers,
Steve

Monday, 25 January 2016

Direct Debit Mandate from HPscanner macro malware

Description:


Direct Debit Mandate from HPscanner macro malware

Headers:


Subject: Direct Debit Mandate from MERCER RESOURCES PLC

Message Body:

Good morning

Please attached Direct Debit Mandate from MERCER RESOURCES PLC;
complete, sign and scan return at your earliest convenience.


Kind regards,

Elise Burke
TEAM SUPPORT
MERCER RESOURCES PLC
t. 01754 660 271
f. 0868 400 3263

Attachment filename(s):


HPscanner523BD@sabanet.ir_147039.doc


Sha256 Hashes:


1535fe867d5ddf44fd66313125158917a78926131c9875e4a1a15f7a391f6e18 [1]
214bf2375880d6f73f0b8f5988737f536ad19c1d201a35bea8e8ce42f8bf86bb
3f6ea28afc16479c7024abe87d55f25493c34622693cc04b5d06cb71db23297b
a1a751102b3b47e478d36fffa786397eaaf3f3b9fe5518ab9d26ad59f71267a5
e770c69c7970bd96c469d56a50467dd38ec03b167fd6df5f1706f8620c47c86b

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 3/55)

Sanesecurity Signature detection:

phish.ndb: Sanesecurity.Malware.25962.XmlHeurGen

Cheers,
Steve

Friday, 22 January 2016

UKMail 988271023 tracking information macro malware

Description:


UKMail 988271023 tracking information macro malware

Headers:

From: no-reply@ukmail.com
Subject: UKMail 988271023 tracking information

Message Body:

UKMail Info!
Your parcel has not been delivered to your address January 21, 2016, because nobody was at home.
Please view the information about your parcel, print it and go to the post office to receive your package.

Warranties
UKMail expressly disclaims all conditions, guarantees and warranties, express or implied, in respect of the Service.
Where the law prevents such exclusion and implies conditions and warranties into this contract,
where legally permissible the liability of UKMail for breach of such condition,
guarantee or warranty is limited at the option of UKMail to either supplying the Service again or paying the cost of having the service supplied again.
If you don't receive a package within 30 working days UKMail will charge you for it's keeping.
You can find any information about the procedure and conditions of parcel keeping in the nearest post office.

Best regards,
UKMail

Attachment filename(s):


988271023-PRCL.xls


Sha256 Hashes:


886adc192957bda32b375503c0d8b3c09f4b77a2609e4ef5952072c79c1ca7a0 [1]
c66742b7b4a90e7cf7c909152ca4f5ebc9d8dbc5825877fd3b1103081abb948c [2]
eae89bcb2c5349000441990e85c09b64d6dc0a9d4308140f640ef357f68b2876 [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 3/55)
VirusTotal Report: [2] (detection 3/55)
VirusTotal Report: [3] (detection 3/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Xls.Wshell.G

Cheers,
Steve

Message from scanner macro malware

Description:


Message from scanner macro malware

Headers:

Subject: Message from scanner

Message Body:

Attachment: [SKM_4050151222162800.doc]

Attachment filename(s):


SKM_4050151222162800.doc


Sha256 Hashes:


0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e [1]
60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997 [2]
d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 3/55)
VirusTotal Report: [2] (detection 3/55)
VirusTotal Report: [3] (detection 3/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Wsc.New

Cheers,
Steve

Message from KONICA_MINOLTA macro malware

Description:


Message from KONICA_MINOLTA macro malware

Headers:

Subject: Message from KONICA_MINOLTA

Message Body:

Attachment: [SKM_4050151222162800.doc]

Attachment filename(s):


SKM_4050151222162800.doc


Sha256 Hashes:


0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e [1]
60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997 [2]
d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 3/55)
VirusTotal Report: [2] (detection 3/55)
VirusTotal Report: [3] (detection 3/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Wsc.New

Cheers,
Steve

Message from MFD macro malware

Description:


Message from MFD macro malware

Headers:

Subject: Message from MFD

Message Body:

Attachment: [SKM_4050151222162800.doc]

Attachment filename(s):


SKM_4050151222162800.doc


Sha256 Hashes:


0f5bb3b7d13333c2141f7ee490773c70a919cf6a208c9bd37a3ba790eae48e3e [1]
60c2aa4d30f1a1d84e03cde89c9d16de70071f0bed798a95e309218a8ee64997 [2]
d12b936880df87f58592c821f98ae102c9f3fb45238d1912c4261afeba2fd2fd [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 3/55)
VirusTotal Report: [2] (detection 3/55)
VirusTotal Report: [3] (detection 3/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Wsc.New

Cheers,
Steve

Thursday, 21 January 2016

Sha256 hashes from Dridex today

Description:


Here are 48 Sha256 hashes from today's various Dridex macro Word/Excel junk that has arrived so far. Sanesecurity ClamAV signatures phish.ndb and badmacro.ndb took care of these.


Cheers,
Steve

Gompels Healthcare Ltd Invoice

Description:


Gompels Healthcare Ltd Invoice macro malware

Headers:


From: "Gompels Healthcare ltd" {salesledger@gompels.co.uk}
Subject: Gompels Healthcare Ltd Invoice

Message Body:

Hello
Please see attached pdf file for your invoice
Thank you for your business

Attachment filename(s):


fax00375039.DOC


Sha256 Hashes:


3757522b79df43e1a0bcb4056581b7eddb3d41f54e39f85eada8c6feee63c4ed [1]
ba90b113e90a3882d04c5a67685121605813b360abd5d1e5e367a0bd93cdbc44 [2]
d46133a67aad6c11c20cf8848d202261db0382d4da21bd393439611e39d24d54 [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 5/55)
VirusTotal Report: [2] (detection 5/55)
VirusTotal Report: [3] (detection 5/55)

Sanesecurity Signature detection:

phish.ndb: Sanesecurity.Malware.24819.MacroHeurGen.Hp


Cheers,
Steve

Credit UB 1742629 dated 15.01.15

Description:


Credit UB 1742629 dated 15.01.15 macro malware

Headers:



Subject: Credit UB 1742629 dated 15.01.15

Message Body:

Hi,

Please find attached Debit Note UB17426296 which will offset UB 17426297

Due to a system error UB17426297 was raised with an invoice date being 20/01/15, when it should have been 22/01/16

Regards,

Lola Espinoza
Management Accountant - MEDIAZEST
t. 01383 877 718
f. 0883 390 4062

Attachment filename(s):


CanonE172A@as9105.com_6024451.doc
Sharp2BA17@ttnet.com.tr_1739870.doc


Sha256 Hashes:

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection ?/55)

Sanesecurity Signature detection:

phish.ndb: Sanesecurity.Malware.25962.XmlHeurGen


Cheers,
Steve

Replacement Keys New Order # 100114000

Description:


Replacement Keys New Order # 100114000 macro malware

Headers:


From: Replacement Keys {admin@replacementkeys.co.uk}
Subject: New Order # 100114000

Message Body:



Order Received!

We will send you another email when it has been dispatched . If you have any questions about your order please reply to this email. Your order confirmation is below. Thank you for ordering from us.
Thank you again,
Replacement Keys

Attachment filename(s):


INVOICEPaid_100114000.xls


Sha256 Hashes:


521328c33f501c4e26874c003f56899b7df47e86c8329e7eff9e50f5fada4f18 [1]
92a25ace749d1e86a9a500f7c286b6d6fa0685fb7e671c991ed1a9e159efa076 [2]
ea6c955a619f18c3e9a6ad2c7ad2723ae237985451f55d1bb3b7ac6ce55b1523 [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 5/55)
VirusTotal Report: [2] (detection 5/55)
VirusTotal Report: [3] (detection 5/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.Xls.Wshell.G


Cheers,
Steve

statement - payment due accounts@phoenixorganics.ltd.uk

Description:


statement - payment due accounts@phoenixorganics.ltd.uk Customer statement.doc macro malware

Headers:


From: {accounts@phoenixorganics.ltd.uk}
Subject: statement - payment due

Message Body:



Rowie
 
Please can you send a payment to clear the December invoices.
 
Thank you
 
Regards
Liz

Attachment filename(s):


Customer statement.doc


Sha256 Hashes:


b1ae3b428d3634fd46e2fd8c1a4b66dfa02853ef95507a0b7cfcb5f9a929dd8d6 [1]
627e3a939d0a99cdb47cc2491e79bb34f067340505a745c1a3d33241005efbbd [2]
b92bc482eaaab3b855e9b3fc79cb2579609f6badcc7aca6a1d990c91a69405fe [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 2/55)
VirusTotal Report: [2] (detection 2/55)
VirusTotal Report: [3] (detection 2/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.HttpSha.New


Cheers,
Steve

Your Telephone Bill Invoices & Reports The Billing Team

Description:


Your Telephone Bill Invoices & Reports The Billing Team macro malware

Headers:

From: "The Billing Team" {noreply@callbilling.co.uk}
Subject: Your Telephone Bill Invoices & Reports

Message Body:


Please see the attached Telephone Bill & Reports.

Please use the contact information found on the invoice if you wish to contact your service provider.

This message was sent automatically.

Attachment filename(s):


Invoice_316103_Jul_2013.doc


Sha256 Hashes:


1ae3b428d3634fd46e2fd8c1a4b66dfa02853ef95507a0b7cfcb5f9a929dd8d6 [1]
627e3a939d0a99cdb47cc2491e79bb34f067340505a745c1a3d33241005efbbd [2]
b92bc482eaaab3b855e9b3fc79cb2579609f6badcc7aca6a1d990c91a69405fe [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 2/55)
VirusTotal Report: [2] (detection 2/55)
VirusTotal Report: [3] (detection 2/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.HttpSha.New


Cheers,
Steve

201552 ebill Louisa Brown

Description:


201552 ebill Louisa Brown macro malware

Headers:

From: invoices@ebillinvoice.com
To: mu@newburydata.co.uk
Subject: 201552 ebill

Message Body:


Customer No         : 8652
Email address       : mu@newburydata.co.uk
Attached file name  : 8652_201552.DOC

Dear customer

Please find attached your invoice for 201552.

To manage your account online - please visit Velocity.
https://www.velocitycardmanagement.com

Alternatively please contact us on:
  invoices@ebillinvoice.com

Yours sincerely

Louisa Brown
DCI

Ground Floor, Unit 2,
Galway Technology Park,
Parkmore, Galway, H91KFD3
Company Reg No : 233354

Attachment filename(s):


8652_201552.DOC


Sha256 Hashes:


93c4d5b2dc751a509d67f8eac8ddf7ef5d02e41229d5eff092324acf073333ab [1]
9759e62f48643adf5a8d984e139a93341fdc793dd88a7ffded26b77bd036fc3d [2]
eac69334d0dccf0423009a679ef25b27b32d13f7b11907f7386566f105a93a53 [3]

Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 4/55)
VirusTotal Report: [2] (detection 4/55)
VirusTotal Report: [3] (detection 4/55)

Sanesecurity Signature detection:

badmacro.ndb: Sanesecurity.Badmacro.HttpSha.New


Cheers,
Steve