Email “Invoice from DATANET the Private Cloud Solutions Company” contains malicious Excel


MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Invoice from DATANET the Private Cloud Solutions Company”.

This email is sent from the spoofed address “Holly Humphreys <Holly.Humphreys@datanet.co.uk>” and has the following body:

Dear Accounts Dept :

Your invoice is attached, thank you for your business.

If you have any queries please do not hesitate to contact us.

Regards

DATANET.CO.UK
01252 810010 Accounts Support from 9am to 5.30pm Monday to Friday
01252 813396 Technical Support from 8am to 8pm Monday to Friday

Please reply to Accounts@datanet.co.uk
________________________________
Holly Humphreys
Operations
Datanet – Hosting & Connectivity
E: Holly.Humphreys@datanet.co.uk
W: www.datanet.co.uk <http://www.datanet.co.uk>
T: 01252 810010
F: 01252 813391
S: 01252 813396 – Normal Support: 8am-8pm Mon-Fri, Critical Break Fix Support: 24×7

DATANET.CO.UK Limited, Cloud Hosting & Connectivity Service Provider. Datanet is an ISO 9001 & ISO 27001 certified
business with the mantra of “CIA” – “Confidentiality, Integrity and Availability” at the heart of our private cloud solutions.

Information contained in this communication is confidential or restricted and is solely for the use of the intended recipient and others authorised to receive it.
If you are not the intended recipient you are hereby notified that any disclosure, distribution or action taken based on this email is prohibited and may be unlawful.

Registered Office: DATANET.CO.UK Limited, Aspen House, Barley Way, Ancells Business Park, Fleet, Hampshire, GU51 2UT Registered in England – No. 03214053

The attached file named C/\Users\HOLLY~1.HUM\AppData\Local\Temp\Inv_107666_from_DATANET.CO..xls is an Excel sheet with a malicious macro.

The malicious Excel sheet is detected as LooksLike.Macro.Malware.gen!x3 (v) or heur.macro.download.cc by 3 of the 55 engines at Virus Total.
SHA256: b6aec60340d848714df78289f6734d4b3d877dacaea7e70e78bed0ccd4b8b4e7

The macro will download the following file:

encre.ie/u5y432/h54f3.exe

The trojan is known as HEUR/QVM10.1.Malware.Gen by 1 of the 52 AV engines at Virus Total.

Use Virus Total for more detailed information.
SHA256: 69baedcd4300842e9d2c7c2938bbfcfdb65cf384c6fd8e3b2622f2e1546c9bb7
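
With so few AV engines detecting the attachment, a mail gateway or mailbox sweep can match on the message traits listed above instead. The following is an added example, not MX Lab code: it checks a raw message for the campaign subject, the attachment SHA256 given above, a path inside the attachment filename, and a legacy OLE2 Office attachment. The names `triage` and `build_sample`, the recipient address and the harmless attachment bytes are constructed for illustration.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the article above.
KNOWN_SHA256 = {"b6aec60340d848714df78289f6734d4b3d877dacaea7e70e78bed0ccd4b8b4e7"}
CAMPAIGN_SUBJECT = "Invoice from DATANET the Private Cloud Solutions Company"
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # header of legacy .xls/.doc/.ppt files
LEGACY_OFFICE = re.compile(r"\.(xls|doc|ppt)$", re.I)

def triage(raw: bytes) -> list:
    """Return the reasons a raw message matches this campaign (empty list = no match)."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    if CAMPAIGN_SUBJECT.lower() in str(msg["Subject"] or "").lower():
        reasons.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if hashlib.sha256(data).hexdigest() in KNOWN_SHA256:
            reasons.append("sha256")
        # A legitimate invoice attachment has a bare file name, not a temp-folder path.
        if "\\" in name or "/" in name:
            reasons.append("path-in-filename")
        # Extension and file header both say "legacy Office document" (can carry macros).
        if LEGACY_OFFICE.search(name) and data.startswith(OLE2_MAGIC):
            reasons.append("ole2-office-attachment")
    return reasons

def build_sample() -> bytes:
    """Constructed test message: harmless padding bytes, not the real attachment."""
    m = EmailMessage()
    m["From"] = "Holly Humphreys <Holly.Humphreys@datanet.co.uk>"
    m["To"] = "accounts@example.org"  # constructed recipient
    m["Subject"] = CAMPAIGN_SUBJECT
    m.set_content("Your invoice is attached, thank you for your business.")
    m.add_attachment(
        OLE2_MAGIC + b"\x00" * 504, maintype="application", subtype="vnd.ms-excel",
        filename=r"C/\Users\HOLLY~1.HUM\AppData\Local\Temp\Inv_107666_from_DATANET.CO..xls")
    return m.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

The subject and hash are exact-match indicators for this run only; the filename and OLE2 checks are the ones likely to keep firing when the sender changes the lure text or rebuilds the spreadsheet.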
