Fake email NEW ORDER (URGENT AIR SHIPMENT) from Cimcoop Holding contains malware


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “NEW ORDER (URGENT AIR SHIPMENT) ”.

On the 4th August we detected and intercepted a similar campaign Fake email NEW ORDER PO_A2528/20160806 from Cimcoop Holding contains malware but with a ZIP file.

This fake email is send from the spoofed address “Andrea Scott <andres.knatorowicz@gmail.com>”, is signed with the name Andrea Scott from Cimcoop Holding LTD and has the following body:

Dear Sir,

Please find attached our new orders and qoute your best prize. Your urgent response will be appreciated as we would like delivery to done mid September if possible.

Do let us know if you have any further queries and we look forward to hear from you soon.

Best regards.
Andrea Scott
sales

Cimcoop Holding LTD
Tel: (+3592)955-9741
Fax: (+3592)955-9941
Cell: (+359)885-262-952
www.cimcoop.com

The attached file PO#5011023087.doc . is detected by 13/54 AV engines at Virus Total and the analysis is available on Malwr and Hybrid-Analysis.