New JavaScript malware: Confirmation letter


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Confirmation letter”.

This email is sent from spoofed addresses and has the following body:

Hi info,

I attached the employment confirmation letter I prepared.
Please check it before you send it out.

Best regards
Ericka Barron

The attached file 5efd73dc4d0.zip contains the file data b522c60f-.js, which is an obfuscated JavaScript file. Filenames will vary with each email.

The malware is detected by 15/54 AV engines at VirusTotal and the malware analysis is on Malwr.