Fake email inter-company invoice for October contains trojan


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with subjects like:

Company invoice reminder
Company notification
Company payment reminder
Company payment reminder notice
Important corporate email notice
Important corporate reminder
Inter-company invoice reminder

This email is sent from a spoofed address and has the following body:

Good day,

Attached you’ll find the inter-company invoice for the period from October 2014 till October 2015.

Thank you for support in setting up this process.

The attached ZIP file contains a 53 kB executable. The filenames of the ZIP archive and the EXE are a combination of random numbers.
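A mail-gateway check for the traits described above (listed subject, ZIP attachment, EXE inside with a numeric name), added here as an example and not taken from MX Lab. It assumes that "combination of random numbers" means a digits-only file stem; the function names and the sample message builder are hypothetical.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subjects quoted in the advisory above.
SUBJECTS = {
    "company invoice reminder", "company notification",
    "company payment reminder", "company payment reminder notice",
    "important corporate email notice", "important corporate reminder",
    "inter-company invoice reminder",
}
# Assumption: "combination of random numbers" means a digits-only file stem.
NUMERIC_ZIP = re.compile(r"^\d+\.zip$", re.I)
NUMERIC_EXE = re.compile(r"^\d+\.exe$", re.I)


def inspect_message(raw: bytes) -> dict:
    """Return which campaign traits a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", "")).strip().lower()
    hits = {"subject": subject in SUBJECTS, "numeric_zip": False, "numeric_exe_in_zip": False}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        hits["numeric_zip"] |= bool(NUMERIC_ZIP.match(name))
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b"")) as zf:
                members = zf.namelist()  # names only; nothing is extracted
        except zipfile.BadZipFile:
            continue
        hits["numeric_exe_in_zip"] |= any(
            NUMERIC_EXE.match(m.rsplit("/", 1)[-1]) for m in members)
    hits["quarantine"] = hits["numeric_exe_in_zip"] and (hits["subject"] or hits["numeric_zip"])
    return hits


def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message; the archive member holds harmless text bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.com", "b@example.com"
    msg.set_content("Good day,")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

The subject list only covers the variants quoted here, so the attachment traits carry the decision on their own when the subject is new.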

The trojan is known as Trojan-Downloader.Win32.Waski, Trojan-Downloader.Win32.Upatre.fami, Trojan.Upatre, W32/Upatre.ED.gen!Eldorado or Upatre-FACH!C82728F6AFBA

At the time of writing, x of the 54 AV engines detected the trojan at Virus Total.

See Virus Total for more detailed information.
SHA256: c90b159a64bda63b62287bb6901c5be6bd73edde5a5595767c33a4239285c3af