New Word malware: Order PS007XX20000584


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Order PS007XX20000584”.

This email is sent from the spoofed address “Nicola Hogg <NHogg@pettywood.co.uk>” and has an empty body.

The attached file PS007XX20000584 – Confirmation with Photos.DOC contains the xx kB large file xxxxx.

The malware is detected as Trojan:W97M/MaliciousMacro.GEN, Macro.Trojan-Downloader.Agent.KF or LooksLike.Macro.Malware.gen!d1 (v) by 5 of the 55 AV engines at VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: 28e5175f9dec6a1d176db23e5e4e068a0782e02c046c049d3f90b0884d626e77

The embedded malicious macro downloads the malware from kutschfahrten-friesenexpress.de/8iy45323f/i87645y3t23.exe

The downloaded malware is detected as HEUR/QVM19.1.Malware.Gen or PE:Malware.XPACK-LNR/Heur!1.5594 [F] by 2 of the 54 AV engines at VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: 6b20d33e98443022bf235d483f3dcbe607dfea9cf86f191489b730b8eb22e217
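A mail-gateway check for the email traits listed above (subject, spoofed sender, empty body, .DOC attachment, document SHA256), written as an added example that is not MX Lab's code. The function names, the quarantine rule and the sample message are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Indicators taken from the advisory above.
SUBJECT = "Order PS007XX20000584"
SPOOFED_SENDER = "nhogg@pettywood.co.uk"
DOC_SHA256 = "28e5175f9dec6a1d176db23e5e4e068a0782e02c046c049d3f90b0884d626e77"


def score_message(raw: bytes, known_hashes=frozenset({DOC_SHA256})) -> dict:
    """Report which of the campaign's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    body_text = body.get_content().strip() if body is not None else ""
    attachments = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        attachments.append((name, hashlib.sha256(data).hexdigest()))
    hits = {
        "subject": SUBJECT.lower() in str(msg["Subject"] or "").lower(),
        "sender": SPOOFED_SENDER in str(msg["From"] or "").lower(),
        "empty_body": body_text == "",
        "doc_attachment": any(n.lower().endswith(".doc") for n, _ in attachments),
        "known_hash": any(h in known_hashes for _, h in attachments),
    }
    # Assumed rule: an exact hash match is enough on its own; otherwise require
    # the subject, the empty body and a .DOC attachment together.
    hits["quarantine"] = hits["known_hash"] or (
        hits["subject"] and hits["empty_body"] and hits["doc_attachment"])
    return hits


def build_sample(payload: bytes, body: str = "\n") -> bytes:
    """Constructed message shaped like the advisory's description (not a real sample)."""
    m = EmailMessage()
    m["From"] = "Nicola Hogg <NHogg@pettywood.co.uk>"
    m["To"] = "user@example.com"  # constructed recipient
    m["Subject"] = SUBJECT
    m.set_content(body)
    # Constructed filename: ASCII hyphen stands in for the dash in the original.
    m.add_attachment(payload, maintype="application", subtype="msword",
                     filename="PS007XX20000584 - Confirmation with Photos.DOC")
    return m.as_bytes()
```

The sender match alone is deliberately not a quarantine trigger, since the address is spoofed and legitimate mail from that domain would match it too.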