New Word malware: FW: Scan from a Samsung MFP


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “FW: Scan from a Samsung MFP”.

This email is sent from the spoofed address “Gareth Evans <gareth@cardiffgalvanizers.co.uk>” and has the following body:

Regards

Gareth

-----Original Message-----

Please open the attached document. It was scanned and sent to you using a
Samsung MFP. For more information on Samsung products and solutions, please
visit http://www.samsungprinter.com.

This message has been scanned for malware by Websense. http://www.websense.com

The attached file Untitled_14102015_154510.doc is a Word file with a malicious macro that will download new malware from:

hxxp://test1.darmo.biz/437g8/43s5d6f7g.exe

The malware is detected as LooksLike.Macro.Malware.gen!d1 (v), heur.macro.download.cc or Troj/DocDl-BC by 7 of the 55 AV engines at Virus Total.

Use Virus Total or Malwr for more detailed information.
SHA256: 33fee8120dc8e45b20dd17060ed941a9b90142d9254a2ec5ec89196015f6380a

The executable 43s5d6f7g.exe is 193 kB in size and is detected as QVM20.1.Malware.Gen by 1 of the 54 AV engines at Virus Total.

Use Virus Total or Malwr for more detailed information.
SHA256: 142e24ba1fdcf998986e526bf2e85dfbc9fe627e5b7b29033ffb45ace6e2c716
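
A mail-side check for the indicators reported above (subject line, attachment name and the document's SHA256), written as an added example and not taken from MX Lab. The filename pattern generalises the single reported name and is an assumption, and `build_sample` creates a constructed message with a harmless placeholder attachment.

```python
import hashlib
import re
from email.message import EmailMessage

# Indicators taken from the report above.
SUBJECT = "FW: Scan from a Samsung MFP"
DOC_SHA256 = "33fee8120dc8e45b20dd17060ed941a9b90142d9254a2ec5ec89196015f6380a"
# Assumption: other samples follow the same Untitled_<date>_<time>.doc naming.
NAME_RE = re.compile(r"^Untitled_\d{8}_\d{6}\.doc$", re.IGNORECASE)


def check_message(msg):
    """Return the names of the indicators that match a parsed message."""
    hits = []
    if (msg.get("Subject") or "").strip().lower() == SUBJECT.lower():
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        if not name:
            continue  # container parts and the text body carry no filename
        if NAME_RE.match(name):
            hits.append("attachment-name")
        # Hash the decoded attachment bytes, not the base64 text in the mail.
        payload = part.get_payload(decode=True) or b""
        if hashlib.sha256(payload).hexdigest() == DOC_SHA256:
            hits.append("attachment-sha256")
    return hits


def build_sample(subject, filename):
    """Constructed message; the attachment is placeholder bytes, not the sample."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("Please open the attached document.")
    msg.add_attachment(b"placeholder bytes, not the real sample",
                       maintype="application", subtype="msword",
                       filename=filename)
    return msg


if __name__ == "__main__":
    sample = build_sample(SUBJECT, "Untitled_14102015_154510.doc")
    print(check_message(sample))
```

The hash only matches the exact document reported here, so the subject and filename checks are what catch a repacked attachment from the same campaign.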
