Fake email “payment receipt” from Tanya contains malicious Word file

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “payment receipt”.

This email is sent from the spoofed address “Reception at Winthrop Village Dental Centre <reception@winthropvillagedental.co.uk>” and has the following body:

HI ,

Sorry cant fax. :/

I hope this is OK.

J Tanya

The attached file CCE19102015.doc is a Word file with a malicious macro that will download the real malware.

The Word file is detected as LooksLike.Macro.Malware.gen!d1 (v)

At the time of writing, 2 of the 55 AV engines at Virus Total detected the trojan.

Use Virus Total for more detailed information.
SHA256: 22f27f01cbf9bbe333886356edf80699adbe72e31315fac99cb894de5b2e4560
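
With detection this low at the time of writing, a mail gateway cannot rely on AV signatures alone for this kind of attachment. The following Python sketch is an added example, not MX Lab's code: it hashes each attachment and flags legacy Word containers that appear to carry a VBA macro project. The function names, the placeholder addresses and the sample message are assumptions constructed for illustration; the sample attachment holds only harmless marker bytes.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # signature of legacy .doc/.xls containers
# Directory entry names are stored as UTF-16LE inside the OLE container.
VBA_MARKERS = [name.encode("utf-16-le") for name in ("_VBA_PROJECT", "Macros")]


def triage_attachment(filename, data):
    """Describe one attachment: hash, container type and macro-storage hint."""
    is_ole = data.startswith(OLE_MAGIC)
    has_vba = is_ole and any(marker in data for marker in VBA_MARKERS)
    return {
        "filename": filename,
        "sha256": hashlib.sha256(data).hexdigest(),
        "ole_container": is_ole,
        "vba_storage_hint": has_vba,
    }


def triage_message(raw):
    """Parse a raw RFC 5322 message and triage every attachment in it."""
    msg = message_from_bytes(raw, policy=policy.default)
    results = [
        triage_attachment(part.get_filename(), part.get_payload(decode=True))
        for part in msg.iter_attachments()
    ]
    return {"subject": msg["Subject"], "from": msg["From"], "attachments": results}


def build_sample():
    """Constructed sample: harmless bytes that only mimic the OLE/VBA markers."""
    fake_doc = OLE_MAGIC + b"\x00" * 64 + VBA_MARKERS[0] + b"\x00" * 64
    msg = EmailMessage()
    msg["Subject"] = "payment receipt"
    msg["From"] = "Reception <reception@example.invalid>"  # placeholder sender
    msg["To"] = "user@example.invalid"                     # placeholder recipient
    msg.set_content("constructed test body")
    msg.add_attachment(fake_doc, maintype="application", subtype="msword",
                       filename="CCE19102015.doc")
    return msg.as_bytes()


if __name__ == "__main__":
    report = triage_message(build_sample())
    for att in report["attachments"]:
        verdict = "QUARANTINE" if att["vba_storage_hint"] else "pass"
        print(report["subject"], att["filename"], att["sha256"], verdict)
```

The byte scan is a triage hint rather than a parser: it does not cover macro-enabled OOXML files (.docm), which are ZIP containers, and a flagged file still needs inspection with a proper OLE tool before any verdict.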

12 thoughts on “Fake email “payment receipt” from Tanya contains malicious Word file”

    • It’s unlikely that whatever virus this has embedded was written to attack mobile operating systems. More likely targets Windows PCs.

  1. I just received it too. Got suspicious when I googled Withrop Dentist which is in Oz and I am in U.K. You really have got to be on your guard these days.

  2. Just received this in my school email! Thankfully it quarantined it before I opened it, but still… so sketchy.
