New Word macro enabled malware: Documents Requested


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with “Documents Requested” in the subject line:

Documents Requested
Re: Documents Requested
Fw: Documents Requested

This email is sent from spoofed addresses and has the following body, with a different person's name at the end of each email:

Dear ****.****,

Please find attached documents as requested.

Best Regards,
Samantha

The attached file in this case is named Untitled(7).docm and is a Word file with a malicious macro.

Other file names have also been noticed, such as doc(929).docm, doc(2).docm, new doc(54).docm, …, so the file name will vary with each email.

The malware is detected by 7/55 AV engines at VirusTotal and the analysis is available on Hybrid Analysis.
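
With AV coverage this low, a mail-gateway rule keyed on the campaign traits above is a useful stopgap. The following triage function is an added example, not MX Lab code: the two regexes generalise the subject lines and file names listed in this post, the `quarantine` rule is an assumed policy, and `build_sample` constructs an inert test message.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits from the post: subject (plain, Re:, Fw:) and names like doc(929).docm.
SUBJECT_RE = re.compile(r"^\s*(?:(?:re|fw):\s*)?documents requested\s*$", re.I)
NAME_RE = re.compile(r"^[\w ]+\(\d+\)\.docm$", re.I)


def has_vba_project(data: bytes) -> bool:
    """True if the bytes are an OOXML (ZIP) container holding a VBA project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> dict:
    """Score one RFC 5322 message against the campaign traits in the post."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = {"subject": bool(SUBJECT_RE.match(msg["Subject"] or "")),
            "docm_name": False, "vba_macro": False}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if NAME_RE.match(name):
            hits["docm_name"] = True
        if name.lower().endswith(".docm") and has_vba_project(part.get_content()):
            hits["vba_macro"] = True
    # Assumed policy: campaign subject plus either attachment trait.
    hits["quarantine"] = hits["subject"] and (hits["docm_name"] or hits["vba_macro"])
    return hits


def build_sample(subject: str, filename: str, with_macro: bool) -> bytes:
    """Constructed test message; the attachment is an inert ZIP, not real malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("word/document.xml", "<w:document/>")
        if with_macro:
            zf.writestr("word/vbaProject.bin", b"placeholder")
    msg = EmailMessage()
    msg["Subject"] = subject
    msg["From"] = "sender@example.com"
    msg.set_content("Please find attached documents as requested.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="vnd.ms-word.document.macroEnabled.12", filename=filename)
    return msg.as_bytes()
```

The `vba_macro` check looks inside the container instead of trusting the file name, so it still fires if a later wave changes the naming scheme.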