Fake email from Essex Central Magazine contains Upatre trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice”.

This email is sent from the spoofed address “Essex Central Magazine <darren@notifications.kashflow.com>” and has the following body:

Please see attached invoice for the upcoming issue of Essex Central Magazine.


Accounts Dept.

The attached file invoice.zip contains the 29 kB file invoice_pdf.exe.

The trojan is known as Trojan.Upatre.Gen.1, Win32/TrojanDownloader.Waski.F, Trojan-Downloader.Win32.Upatre (A), Downloader.Upatre.

At the time of writing, 23 of the 57 AV engines detected the trojan at VirusTotal.

See VirusTotal for more detailed information.
SHA256: 8762db3bdb7a7a1d69dd2e4e152340baeb0ec4d654698b52a38ab9d736242b79
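
A mail-gateway style check for the attachment pattern described above (an executable with a document-like name inside a ZIP), as an added example that is not MX Lab's code. The sample archive is constructed from harmless bytes, the function names and size cap are hypothetical, and matching the SHA256 above against the extracted file rather than the ZIP is an assumption.

```python
import hashlib
import io
import re
import zipfile

# SHA-256 from this page; assumed to be the hash of the extracted file.
KNOWN_SHA256 = {"8762db3bdb7a7a1d69dd2e4e152340baeb0ec4d654698b52a38ab9d736242b79"}
EXEC_EXT = (".exe", ".scr", ".com", ".pif")
# Document type used as a lure right before the real extension, e.g. invoice_pdf.exe
LURE = re.compile(r"[._-](pdf|docx?|xlsx?)\.(exe|scr|com|pif)$", re.I)
MAX_MEMBER = 10 * 1024 * 1024  # hypothetical cap: do not unpack huge members


def inspect_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that looks like a disguised executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            body = zf.read(info)
            digest = hashlib.sha256(body).hexdigest()
            reasons = []
            if info.filename.lower().endswith(EXEC_EXT):
                reasons.append("executable-extension")
            if body[:2] == b"MZ":  # DOS/PE magic, catches renamed executables
                reasons.append("mz-header")
            if LURE.search(info.filename):
                reasons.append("document-lure-name")
            if digest in KNOWN_SHA256:
                reasons.append("known-sha256")
            if reasons:
                findings.append({"name": info.filename, "sha256": digest, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed stand-in for invoice.zip: harmless bytes, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("invoice_pdf.exe", b"MZ" + b"\x00" * 62)  # fake DOS header only
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip(build_sample_zip()):
        print(finding["name"], finding["reasons"])
```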