New JavaScript malware: Attached picture


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with subjects like:

Attached Doc
Attached Document
Attached Image
Attached Picture

This email is sent from spoofed addresses in the format *****@<recipient's domain>, where ***** is replaced by canon, copier, epson, xerox,… to indicate that the message comes from a scanning device in the company. The email body itself remains empty.

The attached file *****_9187679_288615.zip, always in the format of the recipient's email address followed by various numbers, contains the file DMP5446927213.js or similar.

The malware is detected by 3/56 AV engines at VirusTotal. The Malwr analysis shows that malware will be downloaded from hxxp://www.challengeprice.com/system/logs/3523523.exe.

The malware is detected by 9/56 AV engines at VirusTotal and the analysis is available on Malwr.
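The email traits described above (subject line, scanner-style sender on the recipient's own domain, empty body, numbered zip holding a .js file) can be checked together at a mail gateway. The Python below is an added example, not MX Lab's code. The function names, the `corp.example` addresses and the reading of the masked zip prefix as the recipient's full address or its local part are assumptions.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
SUBJECTS = {"attached doc", "attached document", "attached image", "attached picture"}
DEVICE_SENDERS = {"canon", "copier", "epson", "xerox"}  # the write-up's list is open-ended
ZIP_NAME = re.compile(r"^(?P<prefix>.+)_\d+_\d+\.zip$", re.I)  # e.g. *****_9187679_288615.zip

def indicators(raw: bytes, recipient: str) -> list:
    """Return which campaign traits from the write-up this message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    rcpt_local, _, rcpt_domain = recipient.lower().partition("@")
    hits = []
    if str(msg["Subject"] or "").strip().lower() in SUBJECTS:
        hits.append("subject")
    frm = msg["From"]
    sender = frm.addresses[0] if frm is not None and frm.addresses else None
    if sender and sender.username.lower() in DEVICE_SENDERS and sender.domain.lower() == rcpt_domain:
        hits.append("device-sender-on-recipient-domain")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("empty-body")
    for part in msg.iter_attachments():
        m = ZIP_NAME.match(part.get_filename() or "")
        if not m:
            continue
        # Assumption: the masked prefix is the recipient's address or its local part.
        if m["prefix"].lower() in (recipient.lower(), rcpt_local):
            hits.append("zip-named-after-recipient")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                if any(name.lower().endswith(".js") for name in zf.namelist()):
                    hits.append("js-inside-zip")
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")
    return hits

def sample(subject, sender, rcpt, zip_name, member) -> bytes:
    """Build a constructed message; the archive member holds harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, sender, rcpt
    msg.set_content("\n")  # effectively empty body, as in the campaign
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()

if __name__ == "__main__":
    print(indicators(sample("Attached Picture", "xerox@corp.example", "alice@corp.example",
                            "alice_9187679_288615.zip", "DMP5446927213.js"), "alice@corp.example"))
```

A single trait such as an empty body is common in legitimate mail, so the returned list is best used as a score: quarantine when several traits coincide rather than on any one of them.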