Fake email from Hazel Renewable Energy “NOVEMBER INVOICE” contains malicious Excel


MX Lab, http://www.mxlab.eu, has started to intercept a new malware distribution campaign by email with the following subjects:

NOVEMBER INVOICE
NOVEMBER INVOICE ADVICE
INVOICE ADVICE 08/01/2015

This email is sent from the spoofed address “Laverne King <Rosalyn.64@transtelco.net>” and has the following body:

Good morning

Happy New Year

Please could you advise on the  November GBP invoice in the attachment for me?

Many thanks

Kind Regards
Laverne King
Senior Accountant
HAZEL RENEWABLE ENERGY VCT 1 PLC

The attached file is named in the format RBAC_XXXXXX.xls (with different characters) and is an Excel sheet with a macro that will download additional components from various locations.

The Excel sheet is currently detected by 1 of the 56 AV engines at Virus Total and is marked as Trojan.Script.Agent.dlanqt.

Use Virus Total for more detailed information.
SHA256: b1c10f76fc15c3ca6ca89df5335d716241e57951098f7324bbe8c627430a0af6
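
A mail-gateway triage check built from the indicators in this advisory (subjects, attachment name format, SHA256), added here as an example and not MX Lab's own code. The function names `triage` and `build_sample`, the character class for the six X's, and the sample message are assumptions constructed for illustration.

```python
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Indicators taken from the advisory text.
SUBJECTS = {"NOVEMBER INVOICE", "NOVEMBER INVOICE ADVICE", "INVOICE ADVICE 08/01/2015"}
KNOWN_SHA256 = "b1c10f76fc15c3ca6ca89df5335d716241e57951098f7324bbe8c627430a0af6"
# Assumption: each X in RBAC_XXXXXX.xls is a letter or digit (the advisory
# only says the characters differ between messages).
ATTACHMENT_RE = re.compile(r"RBAC_[A-Za-z0-9]{6}\.xls", re.IGNORECASE)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .xls files


def triage(raw_message: bytes) -> dict:
    """Report which campaign indicators a raw RFC 5322 message matches."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    # Collapse whitespace and case so folded or re-cased subjects still match.
    subject = " ".join(str(msg.get("Subject", "")).split()).upper()
    hits = {"subject": subject in SUBJECTS, "filename": False,
            "ole2": False, "sha256": False}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if ATTACHMENT_RE.fullmatch(name):
            hits["filename"] = True
            hits["ole2"] = hits["ole2"] or data.startswith(OLE2_MAGIC)
        if hashlib.sha256(data).hexdigest() == KNOWN_SHA256:
            hits["sha256"] = True
    # The hash alone is conclusive; subject plus filename is the heuristic.
    hits["quarantine"] = hits["sha256"] or (hits["subject"] and hits["filename"])
    return hits


def build_sample(subject: str, filename: str, payload: bytes) -> bytes:
    """Construct a test message; the payload is inert filler, not the real file."""
    m = EmailMessage()
    m["From"] = "Sender <sender@example.com>"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Please could you advise on the invoice in the attachment?")
    m.add_attachment(payload, maintype="application",
                     subtype="vnd.ms-excel", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample("November Invoice", "RBAC_7K2QXZ.xls", OLE2_MAGIC + bytes(64))))
```

The subject and filename match is a heuristic that the campaign can evade by changing either value, so treat it as a quarantine-for-review signal and rely on the hash match only for the exact sample listed above.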
