Backdoor.Bot.ED attached to fake Charity Trends emails with subject like “Oder invoice 9156230_08.xls”


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Oder invoice 9156230_08.xls”.

This email is send from the spoofed address  and has the following body:

Dear *******@*******.co.uk,

Please find attached invoice #9156230_08 from 13/08/2014.

Thanks!

Reyes Mcdaniel .

We’re happy to help you with any questions or concerns you may have. Please contact us directly 24/7 via hxxp://www.charitytrends.org/ContactUs.aspx

The attached ZIP file has the name 9156230_08.zip which contains the folder Inv_3145835_453_979154.xls. In this folder the 131 kB large file Inv_3145835_453_979154.xls.scr is found.

Please note that the subject line and attachment file names may change with each message.

The trojan is known as Backdoor.Bot.ED.

At the time of writing, 1 of the 53 AV engines did detect the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: 4ac7416ea64789afabee6c7ff152cf4c552c303baef009270adca11238667bc4

One thought on “Backdoor.Bot.ED attached to fake Charity Trends emails with subject like “Oder invoice 9156230_08.xls”

Comments are closed.