New Javascript malware: Budget reports


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject  “Budget reports”.

This email is send from the spoofed addresses and has the following short body:

Hey *****

I attached the annual budget reports that you asked me to send to you.

Best regards,
Sasha Perez

The attached file 25e1ed3a175.zip contains the file annual_budget_ 69fe0cf1~.js which is an obfuscated Javascript. Note that the file name will vary, the Javascript file will be in the format annual_budget_***.js.

The malware is detected by 5/54 AV engines at Virus Total.