New JavaScript malware: FW: Payment ACCEPTED M-395526


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “FW: Payment ACCEPTED M-395526”.

This email is sent from spoofed addresses and has the following body:

Dear 09e4eb0,

Please check the payment confirmation attached to this email.
The Transaction should appear on your bank in 2 days.

Thank you.

Kimberley Bauer
Sales Manager

The attached file payment_document_395526.zip contains a 20 kB folder, payment_document_395526, with the following files inside:

document_1af115f7.js
payment_details_7fa41c.js
hgfyibn.bmp

The file document_1af115f7.js is detected as HEUR.JS.Trojan.b or JS/Downloader.gen.bi by 3 of the 54 AV engines at VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: 195b32a1c365b2101fc263ace535a7e53b5c052c7af6abb9317df672d8ba275e

The file payment_details_7fa41c.js is detected as HEUR.JS.Trojan.b or JS/Downloader.gen.bi by 3 of the 57 AV engines at VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: 4fbd175f44fb6e7d2762c8b2f3b0ee16e52872bd71e6260d01f9a81068a1a635

Note: numbers in the subject and filenames may change with each email.
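
Because the numbers in the subject and filenames change with each email, a gateway check holds up better when it matches the structure of the message (subject pattern, attachment name pattern, script files inside the ZIP) than when it matches the exact names above. The following Python check is an added example, not MX Lab's code; the function names, the extra script extensions and the size limit are assumptions, and the sample archive it is exercised with is constructed from harmless placeholder files.

```python
import hashlib
import io
import re
import zipfile

# Patterns generalised from the sample in this post; the digits and hex parts vary.
SUBJECT_RE = re.compile(r"^FW: Payment ACCEPTED M-\d+$")
ZIP_NAME_RE = re.compile(r"^payment_document_\d+\.zip$", re.I)
# .js is what this campaign used; the other script extensions are an assumption.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")
# SHA256 values listed in this post.
KNOWN_SHA256 = {
    "195b32a1c365b2101fc263ace535a7e53b5c052c7af6abb9317df672d8ba275e",
    "4fbd175f44fb6e7d2762c8b2f3b0ee16e52872bd71e6260d01f9a81068a1a635",
}
MAX_MEMBER_SIZE = 1_000_000  # assumption: do not unpack anything larger to hash it

def inspect_message(subject, attachment_name, attachment_bytes):
    """Return the reasons to quarantine a message; an empty list means no match."""
    reasons = []
    if SUBJECT_RE.match(subject.strip()):
        reasons.append("subject matches campaign pattern")
    if ZIP_NAME_RE.match(attachment_name):
        reasons.append("attachment name matches campaign pattern")
    try:
        archive = zipfile.ZipFile(io.BytesIO(attachment_bytes))
    except zipfile.BadZipFile:
        return reasons  # not a readable ZIP, nothing more to inspect
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.filename.lower().endswith(SCRIPT_EXTS):
                reasons.append(f"script inside archive: {info.filename}")
            # Skip encrypted or oversized members instead of trying to read them.
            if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_SIZE:
                continue
            if hashlib.sha256(archive.read(info)).hexdigest() in KNOWN_SHA256:
                reasons.append(f"known SHA256: {info.filename}")
    return reasons

def build_sample_zip(members):
    """Constructed test input: an in-memory ZIP of harmless placeholder files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

The script-in-archive rule fires on its own, so a message still gets flagged when the campaign changes its subject line or attachment name.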
