Javascript malware in email Invoice 4503 from Glenda Goudie

MX Lab started to intercept a new malware distribution campaign by email with subjects like:

Invoice 4503 from Glenda Goudie
Invoice 4345 from Sally Whitehead

This email is sent from spoofed addresses and has the following body:

You have received an invoice from GLENDA GOUDIE for £4,317.87. To view, print or download a JS copy of your invoice, click the link below:


Best regards, Glenda Goudie

In this case, the embedded URL will download the which contains the obfuscated javascript file view__report__invoice__00001513__Apr___20___2017___lang___gb___GB513___888585_17329_DAK000.js.

The malware is detected by 3/56 AV engines at VirusTotal and the analysis is available on Malwr.
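With detection at 3/56 engines, a mail gateway has to lean on the message traits described above rather than on AV verdicts. The following triage sketch is an added example, not MX Lab's code; the trait names, the extension list, and the sender address and link in the constructed sample are assumptions.

```python
import re
from email import message_from_bytes, policy

# Subject shape reported in the post: "Invoice <digits> from <First> <Last>"
SUBJECT_RE = re.compile(r"^Invoice \d+ from ([A-Z][a-z]+ [A-Z][a-z]+)$")
# Opening sentence of the quoted body; the sender name is upper-cased there
BODY_RE = re.compile(r"You have received an invoice from ([A-Za-z ]+?) for ")
# Extensions Windows Script Host runs on double-click (assumed block list)
SCRIPT_EXT = (".js", ".jse", ".vbs", ".vbe", ".wsf")

def is_script_name(filename):
    """True when a downloaded or archived file name ends in a script extension."""
    return filename.strip().lower().endswith(SCRIPT_EXT)

def triage(raw):
    """Return the list of campaign traits found in one raw message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part is not None else ""
    hits = []
    subj = SUBJECT_RE.match(str(msg["Subject"] or "").strip())
    if subj:
        hits.append("subject-pattern")
    lead = BODY_RE.search(body)
    # The same name appears in the subject and, upper-cased, in the body
    if subj and lead and lead.group(1).strip().lower() == subj.group(1).lower():
        hits.append("name-repeated-in-body")
    # An invoice offered as a script rather than a document
    if re.search(r"\bJS copy of your invoice\b", body):
        hits.append("offers-js-copy")
    return hits

# Constructed sample built from the subject and body quoted in the post;
# the sender address and link are placeholders.
SAMPLE = (
    "From: Glenda Goudie <sender@example.invalid>\r\n"
    "Subject: Invoice 4503 from Glenda Goudie\r\n"
    "Content-Type: text/plain; charset=utf-8\r\n"
    "Content-Transfer-Encoding: 8bit\r\n"
    "\r\n"
    "You have received an invoice from GLENDA GOUDIE for £4,317.87. To view, "
    "print or download a JS copy of your invoice, click the link below:\r\n"
    "https://example.invalid/placeholder\r\n"
    "\r\n"
    "Best regards, Glenda Goudie\r\n"
).encode("utf-8")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A message that hits all three traits is a candidate for quarantine; `is_script_name` can be applied separately to attachment names or to member names of any archive the gateway unpacks.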
