Malicious Excel sheet with email “Abcam Despatch [CCE5303255]”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “ Abcam Despatch [CCE5303255]”.

This email is send from the spoofed address “orders@abcam.com” and has the following body:

Dear customer
The confirmation invoice for order 1366976 is attached.

Please let me know if you need any other paperwork.

Best regards,
Nimisha

Nimisha Patel
Marketing Assistant
Abcam plc
www.abcam.com

The attached file invoice_1366976_08-01-13.xls is an Excel sheet with malicious macro that will download the payload from the following hosts:

biennalecasablanca.ma/7745gd/4dgrgdg.exe
villmarkshest.no/7745gd/4dgrgdg.exe

The trojan is known as UDS:DangerousObject.Multi.Generic or Suspicious.Cloud.5.

At the time of writing, 2 of the 55 AV engines did detect the trojan at Virus Total.

Use the Virus Total for more detailed information.
SHA256: 3cf465bb1424a465d3b212604288dd81c26e8b2b701cc06cfdd762feb3bafe01

One thought on “Malicious Excel sheet with email “Abcam Despatch [CCE5303255]”

Comments are closed.