Attached Zip archive with email “Invoice #: 43-32056-1, Auction : SHOPPER’S” contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice #: 43-32056-1, Auction : SHOPPER’S”.

This email is sent from the spoofed address “no-reply@grafeauction-mail.com” and has the following body:

Grafe Auction Company
Phone: 8003285920
Url:

Auction: SHOPPER’S
Invoice #: 43-32056-1

The attached file Invoice.zip contains the 28 kB file Invoice.exe.

The trojan is known as W32/Upatre.E2.gen!Eldorado, Upatre-FAAR!E917CEC9A933, Artemis!Trojan, Trojan.Agent/Gen-Downloader or Win32.Trojan.Downloader-pdf.Auto.

At the time of writing, 14 of the 57 AV engines detected the trojan on VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: 241f92d486d849a3ba8f6588b153c1025dd4a48adce54a9905e396b7bd6695f1
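
A mail-gateway triage check for the pattern described above (a zip attachment carrying an executable, plus the published hash), as an added example that is not MX Lab's code. The extension list, the size cap and the function names are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import email, hashlib, io, zipfile
from email.message import EmailMessage

# SHA-256 published in the alert; the alert does not say whether it covers
# Invoice.zip or Invoice.exe, so both the archive and its members are checked.
IOC_SHA256 = {"241f92d486d849a3ba8f6588b153c1025dd4a48adce54a9905e396b7bd6695f1"}
# Assumed blocklist of executable extensions (not from the alert).
EXEC_EXT = (".exe", ".scr", ".com", ".pif")

def scan_message(raw: bytes) -> list[str]:
    """Return findings for zip attachments that carry executables or match the IoC."""
    findings = []
    msg = email.message_from_bytes(raw)
    for part in msg.walk():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        if hashlib.sha256(data).hexdigest() in IOC_SHA256:
            findings.append(f"{name}: archive matches IoC hash")
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member cannot be inspected
                    findings.append(f"{name}/{info.filename}: encrypted member")
                    continue
                if info.filename.lower().endswith(EXEC_EXT):
                    findings.append(f"{name}/{info.filename}: executable in zip")
                if info.file_size <= 10 * 1024 * 1024:  # assumed cap, bounds decompression
                    if hashlib.sha256(zf.read(info)).hexdigest() in IOC_SHA256:
                        findings.append(f"{name}/{info.filename}: member matches IoC hash")
    return findings

def build_sample() -> bytes:
    """Constructed test message: harmless placeholder bytes, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice.exe", b"MZ constructed placeholder, not malware")
    m = EmailMessage()
    m["From"] = "no-reply@grafeauction-mail.com"
    m["Subject"] = "Invoice #: 43-32056-1, Auction : SHOPPER'S"
    m.set_content("Auction: SHOPPER'S")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="Invoice.zip")
    return m.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```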
