Document from AL-KO (info@alko.co.uk): "Document from AL-KO.doc" macro malware
Headers:
Subject: Document from AL-KO
From: {info@alko.co.uk}
Message Body:
This document is DOC created by Osiris OSFAX(R) V3.5.
It can be viewed and printed with Microsoft Word(R)
Attachment filename(s):
Document from AL-KO.doc
Sha256 Hashes:
134f4cd2f17b312083bee6fb6d502dd0dd3b70f5716b8d17aae8acdcbad0e610 [1]
3d397e7ee0ba4da8d8a2fef6082db65544179374f11c0fbba70dc4637071cbbb [2]
a86c72fe62a0af737cfc89a99173c67aff2610d6c7216c05108b52071c9e297b [3]
c0909b2997428daab890ba4927fa22f69dd6c1071d5f28281f2332048e1b0da4 [4]
Malware Virus Scanner Report(s):
VirusTotal Report: [1] (detection 0/55)
VirusTotal Report: [2] (detection 0/55)
VirusTotal Report: [3] (detection 0/55)
VirusTotal Report: [4] (detection 0/55)
Sanesecurity Signature detection:
badmacro.ndb: Sanesecurity.Badmacro.Doc.CreObj
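The Sanesecurity hit above comes from a ClamAV extended-format (.ndb) signature, which is just a malware name, a target file type, an offset and a hex byte pattern with optional wildcards. The following is an added example (not Sanesecurity's or the blog's code) of a minimal matcher for that format, plus a lookup against the four SHA256 hashes listed in the post. The signature body, the "malicious" document bytes and the benign samples are all constructed for illustration; the real Sanesecurity.Badmacro.Doc.CreObj pattern is not reproduced here, and real VBA source lives compressed inside the OLE2 VBA streams rather than as plain ASCII as in the constructed sample.

```python
"""Minimal ClamAV .ndb signature matcher and SHA256 IoC lookup (added example).

Assumptions: the .ndb line below is CONSTRUCTED and is not the real
Sanesecurity.Badmacro.Doc.CreObj signature. Only target types 0 (any) and
2 (OLE2) and offsets '*' or an absolute integer are handled.
"""
import hashlib
import re

# SHA256 IoCs as listed in the post for this campaign.
KNOWN_BAD_SHA256 = {
    "134f4cd2f17b312083bee6fb6d502dd0dd3b70f5716b8d17aae8acdcbad0e610",
    "3d397e7ee0ba4da8d8a2fef6082db65544179374f11c0fbba70dc4637071cbbb",
    "a86c72fe62a0af737cfc89a99173c67aff2610d6c7216c05108b52071c9e297b",
    "c0909b2997428daab890ba4927fa22f69dd6c1071d5f28281f2332048e1b0da4",
}

# OLE2 / Compound File Binary header magic used by legacy .doc files.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
TARGET_CHECKS = {0: lambda data: True, 2: lambda data: data.startswith(OLE2_MAGIC)}

# CONSTRUCTED signature: "CreateObject" with one wildcard byte, a gap of
# 1..32 bytes, then ".Run". Format: Name:TargetType:Offset:HexSignature
SAMPLE_NDB_LINE = (
    "Sanesecurity.Badmacro.Doc.CreObj.CONSTRUCTED:2:*:"
    "437265617465??626a656374{1-32}2e52756e"
)


def hex_to_regex(hexsig):
    """Translate ClamAV hex syntax into a compiled bytes regex.

    Supported tokens: literal hex byte, '??' (any one byte), '*' (any run),
    '{n}', '{n-m}', '{n-}', '{-m}' (bounded gaps).
    """
    tokens = re.findall(r"\{\d*-?\d*\}|\*|\?\?|[0-9a-fA-F]{2}", hexsig)
    if "".join(tokens) != hexsig:
        raise ValueError("unsupported hex signature syntax: %r" % hexsig)
    out = ""
    for tok in tokens:
        if tok == "*":
            out += ".*"
        elif tok == "??":
            out += "."
        elif tok.startswith("{"):
            body = tok[1:-1]
            if "-" in body:
                lo, hi = body.split("-", 1)
                out += ".{%d,%s}" % (int(lo or 0), hi)
            else:
                out += ".{%d}" % int(body)
        else:
            out += "\\x%02x" % int(tok, 16)
    return re.compile(out.encode("latin-1"), re.DOTALL)


def parse_ndb(line):
    """Parse one .ndb line into a dict; reject syntax this example does not handle."""
    parts = line.strip().split(":")
    if len(parts) < 4:
        raise ValueError("malformed .ndb line: %r" % line)
    name, target, offset, hexsig = parts[0], int(parts[1]), parts[2], parts[3]
    if target not in TARGET_CHECKS:
        raise NotImplementedError("target type %d not handled here" % target)
    if offset != "*" and not offset.isdigit():
        raise NotImplementedError("offset syntax %r not handled here" % offset)
    return {"name": name, "target": target, "offset": offset, "regex": hex_to_regex(hexsig)}


def scan(data, sigs):
    """Return the names of all signatures whose target type and pattern match data."""
    hits = []
    for sig in sigs:
        if not TARGET_CHECKS[sig["target"]](data):
            continue  # wrong file type for this signature, skip it
        if sig["offset"] == "*":
            found = sig["regex"].search(data) is not None
        else:
            found = sig["regex"].match(data, int(sig["offset"])) is not None
        if found:
            hits.append(sig["name"])
    return hits


def is_known_bad(data):
    """Hash-based check against the SHA256 IoCs from the post."""
    return hashlib.sha256(data).hexdigest() in KNOWN_BAD_SHA256


SIGNATURES = [parse_ndb(SAMPLE_NDB_LINE)]

# Constructed samples: an OLE2-looking blob with a macro-like string, a benign
# OLE2 blob, and plain text that contains the string but is not OLE2.
MALICIOUS_DOC = OLE2_MAGIC + b"\x00" * 24 + b'Set o = CreateObject("WScript.Shell"): o.Run "dropped.exe"'
BENIGN_DOC = OLE2_MAGIC + b"Quarterly report text, no macro here."
PLAIN_TEXT = b'x = CreateObject("Foo").Run'

if __name__ == "__main__":
    for label, blob in (("malicious", MALICIOUS_DOC), ("benign", BENIGN_DOC), ("text", PLAIN_TEXT)):
        print(label, scan(blob, SIGNATURES), is_known_bad(blob))
```

The target-type check is what keeps the signature from firing on plain text that merely contains the same token: a type-2 signature is only ever applied to OLE2 containers, which is also why the constructed sample starts with the CFB magic.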
Important notes:
The current round of Word/Excel/XML/Docm attachments are targeted at Windows users.
Apple and Android mobiles/tablets can open these attachments and may even manage to run the macro embedded inside the attachment, but they will be safe.
The auto-downloaded payload is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
These Word/Excel attachments normally try to download either...
Dridex banking trojan,
Shifu banking trojan
... both of which are designed to steal login information regarding your bank accounts, either by keylogging, taking screenshots or copying information directly from your clipboard (copy/paste).
It's also worth remembering that the company itself may not have any knowledge of this email, and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external botnet.
These botnet emails normally have faked email headers/addresses. It's not advised to ring the company themselves, as there won't really be anything they can do to help you.
Cheers,
Steve
6 comments:
Thanks Steve, a nice summary.
I received this e-mail today and didn't open it.
Now I have read your report I will delete it and block the address. TJ.
I got this email today but did not open the attachment. Now deleted it.
Thanks.
I received the mail and stupidly I opened it.
It looked like a mail I could expect from a company of the same name.
I did open the Word file.
What do I have to do?
I am running Malwarebytes and F-Secure scanner.
I did open it and am now running Malwarebytes and F-Secure from Tele2.
What do I have to do more?
From: sales@mordek.co.uk
Subject: STL Invoice.
Body: See attachment
Attachment: STL Invoice. M-747196.DOC
https://www.virustotal.com/en/file/3d397e7ee0ba4da8d8a2fef6082db65544179374f11c0fbba70dc4637071cbbb/analysis/
https://malwr.com/analysis/YTNjMzQyYmEzZTc0NGI1YmE2MmM5ODg0Y2ExMWQzYTE/
https://www.hybrid-analysis.com/my-submissions/vx_563b24be86ce44.16338420
Same Email, thanks for the info