Email “Document from AL-KO” contains malicious Word file


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Document from AL-KO”.

This email is sent from the spoofed address “info@alko.co.uk” and has the following body:

This document is DOC created by Osiris OSFAX(R) V3.5.
It can be viewed and printed with Microsoft Word(R)

The attachment, Document from AL-KO.doc, is a 95 kB Word file with an embedded malicious macro that downloads the malware or trojan.

At the time of writing, 0 of the 53 AV engines detected the trojan at Virus Total.

See Virus Total for more detailed information.
SHA256: c0909b2997428daab890ba4927fa22f69dd6c1071d5f28281f2332048e1b0da4

Update 05.11.2015 – 15:00:

The malicious macro will download the executables from the following locations:

members.dodo.com.au/~mfranklin17/f75f9juu/009u98j9.exe
http://www.mazzoni-hardware.de/f75f9juu/009u98j9.exe

The trojan is known as W32/Dridex.M!tr, Artemis!39F7827813AC or TSPY_DRIDEX.SOU.

At the time of writing, 4 of the 53 AV engines detected the trojan at Virus Total.

See Virus Total for more detailed information.
SHA256: 17ac88233dfe1197ecca2ed4c2560d95be595123c725d75f839f9d101c9de3e4
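
A mail-gateway style check for the lure email and Word attachment described above, as an added example that is not MX Lab's own code. The subject, sender, attachment name and document SHA256 come from this page; the function names, the scoring threshold and the sample message are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from this page (lower-cased for comparison).
SUBJECT = "document from al-ko"
SENDER = "info@alko.co.uk"
ATTACHMENT_NAME = "document from al-ko.doc"
DOC_SHA256 = "c0909b2997428daab890ba4927fa22f69dd6c1071d5f28281f2332048e1b0da4"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy .doc container signature

def match_campaign(raw: bytes) -> dict:
    """Return which campaign indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {
        "subject": SUBJECT in str(msg["Subject"] or "").lower(),
        "sender": SENDER in str(msg["From"] or "").lower(),
        "filename": False, "sha256": False, "ole2_doc": False,
    }
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        hits["filename"] |= name == ATTACHMENT_NAME
        hits["sha256"] |= hashlib.sha256(data).hexdigest() == DOC_SHA256
        hits["ole2_doc"] |= data.startswith(OLE2_MAGIC)
    return hits

def verdict(hits: dict) -> str:
    if hits["sha256"]:
        return "block"  # exact document sample named on this page
    # Assumption: other copies may not share that hash, so the lure
    # metadata is scored separately (threshold of 2 is illustrative).
    score = sum(hits[k] for k in ("subject", "sender", "filename"))
    return "quarantine" if score >= 2 and hits["ole2_doc"] else "pass"

def build_sample(subject: str, sender: str, filename: str, body: bytes) -> bytes:
    """Constructed test message; the attachment bytes are harmless filler."""
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = subject, sender, "user@example.org"
    m.set_content("This document is DOC created by Osiris OSFAX(R) V3.5.")
    m.add_attachment(body, maintype="application", subtype="msword",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample("Document from AL-KO", "info@alko.co.uk",
                        "Document from AL-KO.doc", OLE2_MAGIC + b"\x00" * 64)
    print(verdict(match_campaign(lure)))
```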
