Fake email from CDC Consulting contains Upatre trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Annual report”.

This email is send from the spoofed address “olivia <olivia@cdc.co.uk>” and has the following body:

Hi,
Annual report sent to you, maybe yours.

CDC Consulting
Algyr le parc
119 BL de la Bataille de Stalingrad
69100 Villeurbanne

The attached file Annual report contains the 35 kB large file Luk22.exe.

The trojan is known as BehavesLike.Win32.Downloader.nh, Mal/Dyreza-J or TROJ_UPATRE.SMNF1.

At the time of writing, 4 of the 55 AV engines did detect the trojan at Virus Total.

Use the Virus Total or Malwr for more detailed information.
SHA256: 82d8e65a75e3d955d2fd850f4a7a17b31a4dc74660f664d15f1af42e7b3c2a3a