New JavaScript malware: Invoice


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Invoice”.

This email is sent from spoofed addresses and has the following body:

Please find the invoice attached.
How about meeting on Friday?

Yours truly,
Celia Mack

SANDERSON GROUP
Phone +1 (034) 518-10-59
Fax +1 (034) 518-10-15
Reply-Index: b4f80c6e9044369fb9e48407131505b7b26a779c8461
e-mail: Mack.44368@boukouvalas.org

The attached file 3dalain_1819047.zip contains the file INV000 fd64.js. Note that the signature in the email and the filenames of the ZIP archive and the payload may change with each email.
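Because the archive and payload names change with each email, a mail filter has to inspect attachment content rather than match names. The following is an added example, not MX Lab's code: it opens the ZIP attachments of a message and reports script members. The extension list and the example.org addresses are assumptions, and the sample message is constructed with a harmless placeholder payload.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Script types handled by Windows Script Host (assumed block list, adjust locally).
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh")


def script_members(raw_message: bytes) -> list[tuple[str, str]]:
    """Return (attachment name, archive member) pairs for scripts inside ZIPs."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        # Check the content, not the attachment name: the name changes per email.
        if not data.startswith(b"PK"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as archive:
                names = archive.namelist()
        except zipfile.BadZipFile:
            # Has a ZIP signature but cannot be parsed: report for manual review.
            hits.append((part.get_filename() or "", "<unreadable archive>"))
            continue
        for name in names:
            if name.lower().endswith(SCRIPT_EXTS):
                hits.append((part.get_filename() or "", name))
    return hits


def build_sample() -> bytes:
    """Constructed test message shaped like the one described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("INV000 fd64.js", "// harmless placeholder\n")
    msg = EmailMessage()
    msg["Subject"] = "Invoice"
    msg["From"] = "sender@example.org"      # constructed address
    msg["To"] = "recipient@example.org"     # constructed address
    msg.set_content("Please find the invoice attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="3dalain_1819047.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for attachment, member in script_members(build_sample()):
        print(f"{attachment}: {member}")
```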

The malware is detected by 6/53 AV engines at VirusTotal, and more detailed information is available on Malwr.