New Javacsript malware in email “Statement” with monthly financial statement


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Statement”.

This email is send from the different spoofed email address and has the following body – each time signed with a different name at the end:

Hi,

The monthly financial statement is attached within the email.
Please review it before processing.

King regards,
Wendi Burnett

(Topic-ID: e75fb3dd7e84b6fd59b55b5a6432f7f1a1fba8cd342a)

The attached file ad1a821332cf.zip contains the file monthly_financial_scan 0c2d5b8d.js.

The malware is detected by 10/56 AV engines at Virus Total and the malware is analyzed by Malwr.