Email “Copy of claim passed for consideration to HM Courts” contains malicious Word file


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subjects like:

Copy of claim passed for consideration to HM Courts Ref:[ZI2444LQN] from RAME ENERGY PLC
Copy of claim passed for consideration to HM Courts Ref:[UH4779YLY] from CORE VCT IV PLC
Copy of claim passed for consideration to HM Courts Ref:[FH6053WYW] from BILLING SERVICES GROUP
Copy of claim passed for consideration to HM Courts Ref:[YE7009JUI] from Business Integrity
……

This email is send from  spoofed email addresses and has the following body:

***COMPANY*** has issued the claim against you and passed for consideration to HM Courts Ref:[***NUMBER-LETTER-COMBO***].The claim was read, and passed to the second reading. For these or other notarial acts, or the legalising of documents, please contact  ***COMPANY*** as soon as posible.

In this sample, the attached file is named ZI2444LQN.doc (changes with he subject reference). This is a malicious Word file with macro that will download other malware (possible Dridex).

At the time of writing, none of the 56 AV engines did detect the malicious Word file at Virus Total.

Use the Virus Total for more detailed information.
SHA256: 369089330844a7b2ac152ea2207b076123ee07f9d098d024ce67fc8bc016fd89

MX Lab recommends not to open the attached Word file or at least disable macros on your system.

One thought on “Email “Copy of claim passed for consideration to HM Courts” contains malicious Word file

Comments are closed.