Fake email with attached invoice from Broad Oak Toiletries Ltd contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice 733351”.

This email is sent from the spoofed address “sue.mockridge@mandmkitchens.co.uk” and has the following body:

Hello,

Please can you let me have a payment date for the attached Invoice?

Kind Regards

Sue Mockridge
Accounts Administrator

(Main) 01884 242626 (Direct Dial) 01884 250764

Please consider the environment before printing

Broad Oak Toiletries Ltd, Tiverton, Tiverton Way, Tiverton Business Park, Tiverton, Devon, EX16 6TG
Registered No. 1971053 England & Wales
Telephone: +44 (0) 1884 242626
Facsimile: +44 (0) 1884 242602

The attached ZIP file is named Invoice 9921312.zip and contains the 106 kB folder Invoice 9921312 with the file Invoice 9921312(copy1).exe.

Note that the reference number in the subject and filenames changes with each email.

The trojan is known as HW32.Paked.C563, Fareit.HG, HEUR/Malware.QVM07.Gen, Troj/Zbot-IWZ.

At the time of writing, 5 of the 54 AV engines detected the trojan at Virus Total.

Use the Virus Total permalink for more detailed information.
SHA256: 8628887cefd581cc58ad56081ff3cabdb53ccbb98cff9c8afbd72906d4383973
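
The traits described above (a subject of the form "Invoice" plus a changing number, and a ZIP attachment holding an executable) can be checked at a mail gateway. The following is an added example, not code from MX Lab; the trait labels, the extension list, the size cap and the sample message with its harmless placeholder attachment are assumptions constructed for illustration.

```python
import hashlib, io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

KNOWN_SHA256 = {"8628887cefd581cc58ad56081ff3cabdb53ccbb98cff9c8afbd72906d4383973"}  # from the post
SUBJECT_RE = re.compile(r"Invoice \d+")      # the number changes per email, so match the shape
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumption: extensions treated as executable
MAX_MEMBER = 10 * 1024 * 1024                # assumption: skip hashing members above 10 MiB

def inspect_message(raw: bytes) -> list:
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.fullmatch(str(msg.get("Subject", "")).strip()):
        hits.append("subject-pattern")
    for part in msg.walk():
        if not (part.get_filename() or "").lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        blobs = [data]  # the post does not say if the hash covers the ZIP or the EXE; check both
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.filename.lower().endswith(EXEC_EXT):
                        hits.append("executable-in-zip:" + info.filename)
                    if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
                        hits.append("unhashed-member:" + info.filename)  # encrypted or too large
                    else:
                        blobs.append(zf.read(info))
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
        if any(hashlib.sha256(b).hexdigest() in KNOWN_SHA256 for b in blobs):
            hits.append("known-sha256")
    return hits

def build_sample() -> bytes:
    """Constructed message mirroring the layout in the post, with harmless bytes as the 'exe'."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice 9921312/Invoice 9921312(copy1).exe", b"harmless placeholder")
    m = EmailMessage()
    m["Subject"] = "Invoice 733351"
    m["From"], m["To"] = "sender@example.com", "recipient@example.com"
    m.set_content("Please can you let me have a payment date for the attached Invoice?")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Invoice 9921312.zip")
    return m.as_bytes()
```

Because only 5 of 54 engines detected the file at the time of writing, the structural traits (executable inside a ZIP, subject shape) are the checks that fire here; the hash match only catches an exact copy of the analysed sample.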
