JavaScript malware in email: Invoice 4503 from Glenda Goudie


MX Lab, http://www.mxlab.eu, has started to intercept a new malware distribution campaign by email with subjects like:

Invoice 4503 from Glenda Goudie
Invoice 4345 from Sally Whitehead

The email is sent from spoofed addresses and has the following body:

You have received an invoice from GLENDA GOUDIE for £4,317.87. To view, print or download a JS copy of your invoice, click the link below:

hxxp://capitalbud.com.ua/invoice-doc-979.rep/

Best regards, Glenda Goudie

In this case, the embedded URL will download the file view__report__invoice__00001513__Apr___20___2017.zip 000.zip, which contains the obfuscated JavaScript file view__report__invoice__00001513__Apr___20___2017___lang___gb___GB513___888585_17329_DAK000.js.

The malware is detected by 3/56 AV engines at VirusTotal, and the analysis is available on Malwr.
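With detection this low, a structural check at the mail or web gateway is more dependable than signatures. The following is an added example, not MX Lab's code: it flags subjects with the shape seen above and lists script files inside a downloaded ZIP, also opening nested ZIPs, which goes beyond the case described here. The extension list, the subject pattern generalised from the two subjects above, the limits and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

# Script types run by Windows Script Host or mshta on double-click (assumed blocklist).
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
# Assumed pattern, generalised from the two subjects quoted in the post.
SUBJECT_RE = re.compile(r"^Invoice \d+ from [A-Z][a-z]+ [A-Z][a-z]+$")
MAX_DEPTH = 2                    # levels of nested ZIPs to open
MAX_NESTED_BYTES = 10 * 1024**2  # skip nested archives larger than this


def subject_matches(subject: str) -> bool:
    """True if the subject has the 'Invoice <number> from <First Last>' shape."""
    return bool(SUBJECT_RE.match(subject.strip()))


def script_members(data: bytes, depth: int = 0) -> list[str]:
    """Return names of script files inside a ZIP, following nested ZIPs."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return hits  # not a ZIP: nothing to report
    with archive:
        for info in archive.infolist():
            name = info.filename
            ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
            if ext in SCRIPT_EXTS:
                hits.append(name)
            elif (ext == ".zip" and depth < MAX_DEPTH
                  and not info.flag_bits & 0x1          # skip encrypted members
                  and info.file_size <= MAX_NESTED_BYTES):
                hits += script_members(archive.read(info), depth + 1)
    return hits


def build_sample_zip() -> bytes:
    """Constructed sample: a ZIP in a ZIP holding one harmless .js text file."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("view__report__invoice__sample.js", "// constructed placeholder")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.zip", inner.getvalue())
    return outer.getvalue()
```

A non-empty result from `script_members` is grounds to quarantine the download or attachment, since an invoice has no reason to arrive as a script.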
