Fake email NEW ORDER PO_A2528/20160806 from Cimcoop Holding contains malware


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “NEW ORDER  PO_A2528/20160806”.

This fake email is sent from the spoofed address “Irina Metodieva [imports.falcos@gmail.com]”, is signed with the name Irina Metodieva from Cimcoop Holding LTD and has the following body:

Dear Sir,

Please find attached our PO_A2528/20160803, kindly send us Proforma Invoice for the listed attached products and your possible estimated delivery time to enable us proceed accordingly

Your prompt reply is needed.

Regards,
Irina Metodieva
sales

Cimcoop Holding LTD
Tel: (+3592)955-9741
Fax: (+3592)955-9941
Cell: (+359)885-262-952
http://www.cimcoop.com

The attached file PO_A252820160806.zip contains the file PO_A252820160806.scr.

The malware is detected by 5/53 AV engines on VirusTotal, and the analysis is available on Hybrid-Analysis.
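With only 5 of 53 engines flagging the sample, a structural check on the attachment is a useful complement to signatures. The following is an added example, not MX Lab's code: it parses a raw message and reports ZIP attachments that contain directly executable members such as the .scr file described above. The extension list beyond .scr, the function names and the sample addresses are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Assumed blocklist; only .scr comes from this campaign. A .scr is a regular Windows PE.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def risky_zip_members(raw_email):
    """Return (attachment name, member name) for executables inside ZIP attachments."""
    findings = []
    for part in message_from_bytes(raw_email).walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            continue  # unreadable archive: leave to other controls
        for member in members:
            if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTS:
                findings.append((name, member))
    return findings


def build_sample(member="PO_A252820160806.scr"):
    """Constructed sample reusing the campaign's file names, with placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"placeholder bytes, not an executable")
    msg = EmailMessage()
    msg["Subject"] = "NEW ORDER  PO_A2528/20160806"
    msg["From"] = "sender@example.invalid"   # constructed address
    msg["To"] = "recipient@example.invalid"  # constructed address
    msg.set_content("Dear Sir, ...")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="PO_A252820160806.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(risky_zip_members(build_sample()))
```

Encrypted archives still expose member names in the central directory, so the same check applies to password-protected ZIPs.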
