New WSF malware in email with subject “Fixed invoices”


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Fixed invoices”.

This email is send from the spoofed addresses and has the following body:

Dear fabbfdcc7,

Sorry for mistakes in the invoice. The number is 362, the amount came to $289.26.
Please check out the details in the attachment.


Best Regards,
Mae Suarez

The attached file inv0230538.zip contains the file ~_R8O2LU_~.wsf.

The malware is detected by 3/54 AV engines at Virus Total and a Malwr analysis is available.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s