New Word malware: 12/16 A Invoice from Araceli Garcia


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “12/16 A Invoice”.

This email is sent from the spoofed address “Araceli Garcia <GarciaAraceli911@latinbienes.com>” and has the following body:

Hi,
Please find attached a recharge invoice for your broadband.

Many thanks,
Araceli Garcia

The attached file invoice84576872.doc is a Word file with a malicious macro.

The malware is detected as CXmail/OleDl-A by 1 of the 56 AV engines at Virus Total.

Use Virus Total or Malwr for more detailed information.
SHA256: b5aad3a01e99bcf07c671c7551c2bc2e3445964206cf8ca66ca2e3125128176f

The macro downloads a malicious executable from hxxp://178.33.200.139/chicken/bacon.php.

The malware is detected as HW32.Packed.BC8B, UDS:DangerousObject.Multi.Generic or BehavesLike.Win32.Downloader.cc by 3 of the 54 AV engines at Virus Total.

Use Virus Total or Malwr for more detailed information.
SHA256: a92650e85ad41e246a59a1eeae52a8bd311e7a5a1b7bb7bcb84c4a0d9169b57d
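
An added example, not part of the original MX Lab post: a short Python triage script that checks mail-gateway and web-proxy records against the indicators listed above, separating users who only received the message from users whose machine also fetched the payload URL (a sign the macro ran). The record layout, the sample users and the attachment-name pattern are assumptions.

```python
import re

# Indicators published on this page (URL kept in its defanged form).
SUBJECT = "12/16 A Invoice"
SENDER = "GarciaAraceli911@latinbienes.com"  # spoofed, so a weak signal on its own
DOC_SHA256 = "b5aad3a01e99bcf07c671c7551c2bc2e3445964206cf8ca66ca2e3125128176f"
EXE_SHA256 = "a92650e85ad41e246a59a1eeae52a8bd311e7a5a1b7bb7bcb84c4a0d9169b57d"
PAYLOAD_URL = "hxxp://178.33.200.139/chicken/bacon.php"
ATTACHMENT_RE = re.compile(r"invoice\d+\.doc", re.I)  # assumption: only the digits vary

def match_mail(rec):
    """Return the names of the indicators a mail-gateway record matches."""
    hits = []
    if SUBJECT.lower() in rec.get("subject", "").lower():
        hits.append("subject")
    if rec.get("sender", "").lower() == SENDER.lower():
        hits.append("sender")
    if ATTACHMENT_RE.fullmatch(rec.get("attachment", "")):
        hits.append("attachment-name")
    if rec.get("sha256", "").lower() in (DOC_SHA256, EXE_SHA256):
        hits.append("sha256")
    return hits

def match_proxy(url):
    """Defang a logged URL, drop query/fragment, compare with the published one."""
    base = re.split(r"[?#]", url.strip(), maxsplit=1)[0]
    return re.sub(r"^http", "hxxp", base, flags=re.I).lower() == PAYLOAD_URL

def triage(mail, proxy):
    """Map each affected user to the mail indicators hit and whether the URL was fetched."""
    out = {}
    for rec in mail:
        hits = match_mail(rec)
        if hits:
            out.setdefault(rec["rcpt"], {"mail": [], "fetched": False})["mail"] = hits
    for user, url in proxy:
        if match_proxy(url):
            out.setdefault(user, {"mail": [], "fetched": False})["fetched"] = True
    return out

# Constructed sample records (users and log layout are hypothetical).
SAMPLE_MAIL = [
    {"rcpt": "alice@example.com", "subject": SUBJECT, "sender": SENDER,
     "attachment": "invoice84576872.doc", "sha256": DOC_SHA256},
    {"rcpt": "bob@example.com", "subject": "Re: 12/16 A Invoice", "sender": "x@example.org",
     "attachment": "invoice11112222.doc", "sha256": "0" * 64},
]
SAMPLE_PROXY = [("alice@example.com", PAYLOAD_URL.replace("hxxp", "http", 1) + "?id=1"),
                ("carol@example.com", "http://example.com/index.html")]
print(triage(SAMPLE_MAIL, SAMPLE_PROXY))
```

A user with `fetched` set to true should be treated as a likely infection and prioritised over users who only received the message.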