MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Order PS007XX20000584”.
This email is sent from the spoofed address “Nicola Hogg <NHogg@pettywood.co.uk>” and has an empty body.
The attached file PS007XX20000584 – Confirmation with Photos.DOC contains the xx kB large file xxxxx.
The malware is detected as Trojan:W97M/MaliciousMacro.GEN, Macro.Trojan-Downloader.Agent.KF or LooksLike.Macro.Malware.gen!d1 (v) by 5 of the 55 AV engines at VirusTotal.
Malware will be downloaded by the embedded malicious macro from kutschfahrten-friesenexpress.de/8iy45323f/i87645y3t23.exe
The malware is detected as HEUR/QVM19.1.Malware.Gen or PE:Malware.XPACK-LNR/Heur!1.5594 [F] by 2 of the 54 AV engines at VirusTotal.
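
A mail triage check for the traits listed above, added here as an example and not MX Lab's own tooling: it flags a raw message by order reference in the subject, spoofed sender, blank body and a legacy OLE .DOC attachment that appears to contain a VBA storage. The function names, the recipient address and the constructed sample message are assumptions, and the storage-name search is a heuristic, not a macro parser.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # signature of legacy .doc/.xls containers
ORDER_REF = re.compile(r"PS007XX20000584")     # order reference from the alert
SPOOFED_FROM = "nhogg@pettywood.co.uk"         # spoofed sender from the alert

def utf16(s: str) -> bytes:
    return s.encode("utf-16-le")               # OLE directory names are UTF-16LE

def campaign_traits(raw: bytes) -> set:
    """Return the campaign traits found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    traits = set()
    if ORDER_REF.search(msg.get("Subject", "")):
        traits.add("subject")
    if SPOOFED_FROM in msg.get("From", "").lower():
        traits.add("sender")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        traits.add("empty_body")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if name.endswith(".doc") and data.startswith(OLE_MAGIC):
            traits.add("ole_doc")
            # Heuristic: Word keeps macros in a "Macros" storage with a "VBA" child.
            if utf16("Macros") in data and utf16("VBA") in data:
                traits.add("vba_storage")
    return traits

def build_sample() -> bytes:
    """Constructed message for testing: OLE magic plus storage names, not a real document."""
    m = EmailMessage()
    m["From"] = "Nicola Hogg <NHogg@pettywood.co.uk>"
    m["To"] = "user@example.com"               # assumed recipient
    m["Subject"] = "Order PS007XX20000584"
    m.set_content("\n")                        # blank body, as in the campaign
    fake_doc = OLE_MAGIC + b"\x00" * 64 + utf16("Macros") + b"\x00" * 8 + utf16("VBA")
    m.add_attachment(fake_doc, maintype="application", subtype="msword",
                     filename="PS007XX20000584 - Confirmation with Photos.DOC")
    return m.as_bytes()

if __name__ == "__main__":
    print(sorted(campaign_traits(build_sample())))
```

A message that shows the blank body together with the OLE .DOC attachment and VBA storage is worth quarantining even when the subject and sender have been rotated.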