“Message from mibser_00919013013” contains malicious Excel sheet


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Message from mibser_00919013013”.

This email is sent from the spoofed address “scan@***” – *** is replaced by your own domain – and has an empty body.

The attached file Smibser_00915110211090.xls is an 81 kB Excel file with an embedded malicious macro that downloads the payload from velitolu.com/89u87/454sd.exe.

The Excel sheet is detected and labelled as LooksLike.Macro.Malware.gen!x3 (v) or heur.macro.download.cc by 3 of the 55 AV engines at Virus Total.
SHA256: 37e40a2be021b31b0f8a77e69bec411d81131bf6203b8e1d26d99a618093b275

The downloaded malware 454sd.exe is detected as BehavesLike.Win32.Backdoor.cc, HEUR/QVM07.1.Malware.Gen or PE:Malware.Obscure/Heur!1.9E03 [F] by 3 of the 55 AV engines at Virus Total.
SHA256: 2078db0becb99c19f4a9fbab2b1cb7c6b2af2095659bcfbc034998e62688b8f9
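
With only 3 of 55 engines flagging the attachment, the message traits described above are a useful second filter at the mail gateway. The following is an added example, not MX Lab's code: it checks a raw message for those traits using Python's standard `email` package. The recipient domain `example.org`, the assumption that only the digits after `mibser_` vary, the OLE2 signature check and the constructed sample messages are all assumptions of this example.

```python
import email
from email import policy
from email.message import EmailMessage

OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # signature of legacy Office files (.xls/.doc)
SUBJECT_PREFIX = "message from mibser_"  # assumption: only the digits after the prefix vary

def campaign_indicators(raw: bytes, recipient_domain: str) -> list:
    """Return which traits of the campaign described above a raw message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    senders = msg["From"].addresses if msg["From"] else ()
    if any(a.username.lower() == "scan" and a.domain.lower() == recipient_domain.lower()
           for a in senders):
        hits.append("scan-at-own-domain")
    if str(msg["Subject"] or "").lower().startswith(SUBJECT_PREFIX):
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("empty-body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".xls") and data.startswith(OLE2_MAGIC):
            hits.append("xls-attachment")
            break
    return hits

def build_sample(sender, subject, body, filename) -> bytes:
    """Constructed test message; the attachment is an OLE2 header stub, not a real workbook."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content(body, cte="7bit")
    m.add_attachment(OLE2_MAGIC + bytes(56), maintype="application",
                     subtype="vnd.ms-excel", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    suspect = build_sample("scan@example.org", "Message from mibser_00919013013",
                           "", "Smibser_00915110211090.xls")
    benign = build_sample("alice@partner.example", "Q3 figures",
                          "Report attached.", "q3.xls")
    for label, raw in (("suspect", suspect), ("benign", benign)):
        print(label, campaign_indicators(raw, "example.org"))
```

A single trait such as a legitimate `.xls` attachment is common in normal mail; quarantine decisions should rest on several traits matching together.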
