New Javascript malware in email “office equipment”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “office equipment”.

This email is send from the spoofed addresses and has the following body:

Dear ****,

Please sign the attached purchase of the office equipment. We will send you back the receipt afterward.

Best regards,
Marylou Cox
Sales Manager

The attached file e9148007b03c.zip contains the file office_equipment ~2e0c9b44.js.

The malware is detected by 4/55 AV engines at Virus Total. Malwr analysis shows that more malware will be downloaded from hxxp://rejoincomp2.in/1tdqo6. Other hosts might be used in this campaign.