
URL: http://sanesecurity.blogspot.com/2015/11/2-invoices-attached-invoices17080258doc.html


SANESECURITY CLAMAV BLOG: ZERO HOUR MALWARE, PHISHING AND SCAMS

A hopefully interesting blog from the world of zero hour malware, phishing,
scams and spams




AMAZON3





PAGES

 * Home
 * FAQ
 * Online Scanners
 * Adware
 * Rescue CD
 * Backups
 * Shop
 * Disclaimer





AMAZON





MONDAY, 16 NOVEMBER 2015


2 INVOICES ATTACHED INVOICES_17080258.DOC METROPOLITAN, AN RR DONNELLEY COMPANY


Description:



2 Invoices Attached invoices_17080258.doc macro malware from Metropolitan, An RR
Donnelley Company

Headers:


From: Loris Louis {LouisLoris305@haffendencommunications.com.au}
Subject: 2 Invoices Attached

Message Body:



Good morning,


Please see the attached invoices and remit payment according to the terms listed
at the bottom of the invoice.  If you have any questions please let us know.


Thank you!


Loris Louis
Accounting Specialist| Metropolitan, An RR Donnelley Company

Attachment filename(s):


invoices_17080258.doc

Sha256 Hashes:



05f245ab40af49e8c020dcb20f205f3ac483af720e94a3a8153ac7d1ba69fe39 [1]

Malware Virus Scanner Report(s):


VirusTotal Report: [1] (detection 2/55)

Sanesecurity Signature detection:


badmacro.ndb: Sanesecurity.Badmacro.25109.GenDocHeur.

Important notes:


Am I Safe?

The current round of Word/Excel/XML/Docm attachments are targeted at Windows and
Microsoft Office users.

Apple (Mac/iPhone/iPad), Android and Blackberry mobiles/tablets that open these
attachments will be safe. LibreOffice and OpenOffice users should also be safe,
but do not enable macros if asked to by the attached file.

If you have macros disabled in Microsoft Word or Microsoft Excel, you should be
safe but, again, do not enable macros if asked to by the attached file.

However, if you are an Apple (Mac/iPhone/iPad), Android or Blackberry
mobile/tablet user and forward the message to a Windows user, you will then put
them at risk of opening the attachment and auto-downloading the malware.

These Word/Excel attachments normally try to download either...

    Dridex banking trojan,
    Shifu banking trojan

... both of which are designed to steal login information for your bank
accounts, either by key logging, taking screenshots or copying information
directly from your clipboard (copy/paste).


It's also worth remembering that the company itself may not have any knowledge
of this faked email, and any link(s) or attachment in the email normally won't
have come from their servers or IT systems but from an external botnet.

These botnet emails normally have faked email headers/addresses.

It's not advised to ring/email the company themselves, as there won't really
be anything they can do to help you or to stop the emails being spread.



Cheers,

Steve
Sanesecurity.com

Posted by Steve Basford at 15:13

(c) Sanesecurity. Awesome Inc. theme. Powered by Blogger.