Subj : trojan inside. another one
To   : All
From : August Abolins
Date : Thu Mar 12 2020 07:33 pm

Got another one. Thankfully my email service parked it inside the JUNK folder
on the server side.

=-=-= the suspect BEGIN =-=-=

Invoice Due #974051
From    Leanor Dana <[email protected]>
Date    Wed 10:43 am
Attachments: ref_791186.xls (~65 KB)
Message Body:

Good Morning,

Your invoice is attached.

Please remit payment at your earliest convenience.

Thank you for your business.

_______________________________________

Lolly Lana

CPA + Partner
Coval Anderson Coval LLC
868 Washington St
Easton, MA 02375

Tel 508-238-7110
Fax 508-238-7222
www.CovalAndersonCoval.com

=-=-= the suspect END =-=-=

THEN, I sent the attachment to VirusTotal:

File submitted: ref_791186.xls

Reconstitutes as: mime-part--98558-4225.xls

20 engines detected this file

Ad-Aware        Trojan.GenericKD.33535968
AegisLab        Trojan.MSOffice.Pederr.4!c
Arcabit         Trojan.Generic.D1FFB7E0
BitDefender     Trojan.GenericKD.33535968
Cyren           W97M/Agent.D
DrWeb           Exploit.Siggen.62209
Emsisoft        Trojan.GenericKD.33535968 (B)
eScan           Trojan.GenericKD.33535968
ESET-NOD32      DOC/TrojanDownloader.Agent.AUQ
F-Prot          W97M/Agent.D
GData           Trojan.GenericKD.33535968
Ikarus          Trojan-Downloader.VBA.Agent
Kaspersky       HEUR:Trojan.MSOffice.Pederr.gen
MAX             Malware (ai Score=86)
McAfee-GW-Edition Artemis
Microsoft       Trojan:Win32/Emali.B!cl
Qihoo-360       Generic/Trojan.07c
Sophos AV       Troj/DocDl-XUL
TACHYON         Trojan/XF.Downloader.Gen
ZoneAlarm by Check Point HEUR:Trojan.MSOffice.Pederr.gen
BitDam ATP      MALWARE
Dr.Web vxCube   EXPLOITMALWARE
Lastline        MALWARETROJAN

It is disconcerting that several popular scanners can't detect a problem:

AhnLab-V3       Undetected
ALYac           Undetected
Antiy-AVL       Undetected
Avast           Undetected  <===!!!
Avast-Mobile    Undetected
AVG             Undetected  <===!!!
Avira (no cloud) Undetected
Baidu           Undetected
BitDefenderTheta Undetected
Bkav            Undetected
CAT-QuickHeal   Undetected
ClamAV          Undetected  <===!!!
CMC             Undetected
Comodo          Undetected  <===!!!
F-Secure        Undetected  <===!!!
FireEye         Undetected
Fortinet        Undetected
Jiangmin        Undetected
K7AntiVirus     Undetected
K7GW            Undetected
Kingsoft        Undetected
Malwarebytes    Undetected  <===!!!
MaxSecure       Undetected
McAfee          Undetected  <===!!!
NANO-Antivirus  Undetected
Panda           Undetected  <===!!!
Rising          Undetected
Sangfor Engine Zero Undetected
SentinelOne (Static ML) Undetected
SUPERAntiSpyware Undetected
Tencent         Undetected
TrendMicro      Undetected  <===!!!
TrendMicro-HouseCall Undetected  <===!!!
VBA32           Undetected
VIPRE           Undetected
ViRobot         Undetected
Yandex          Undetected
Zillya          Undetected
Zoner           Undetected

Acronis         Unable to process file type
Alibaba         Unable to process file type
SecureAge APEX  Unable to process file type
CrowdStrike Falcon Unable to process file type
Cybereason      Unable to process file type
Cylance         Unable to process file type
eGambit         Unable to process file type
Endgame         Unable to process file type
Palo Alto Networks Unable to process file type
Sophos ML       Unable to process file type
Symantec Mobile Insight Unable to process file type
Trapmine        Unable to process file type

I looked inside the file with Notepad++.  There were a few revelations!

I feel like sending back a reply with the same attachment. My message would be:

  [1]
  "See attachment for a reciprocation."

  Or,
  [2]
  Our computers are not responding following your email. Please mail a paper
  copy to:

  {insert Police station address here}

  Or,
  [3]
  I do not agree with line 3.  See attachment.


I would guess that maybe they have clueless "clerks" who might just fall for
their own tricks.


--
Once you have sliced the bread, you can no longer put it back together.

--- TB68.4.1/Win7
* Origin: nntp://rbb.fidonet.fi - Lake Ylo - Finland (2:221/360.0)
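The post's own triage stops at a VirusTotal submission and a look at the bytes in Notepad++. As an added example (not the original poster's code, and not run against the real ref_791186.xls, whose contents are not on this page), the Python below does that same first-pass look at a suspect Office attachment without ever opening it in Excel: it hashes the bytes for a VirusTotal lookup, checks the container magic against the .xls extension, and scans for macro-related names and URLs in both ASCII and the UTF-16LE encoding that legacy OLE2 files use for stream and sheet names. The three sample byte strings and the host example.invalid are constructed for the demonstration.

```python
"""Offline first-pass triage of a suspicious Office attachment (added example)."""
import hashlib
import re

OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .xls/.doc container
ZIP_MAGIC = b"PK\x03\x04"                          # .xlsx/.docx (OOXML) container

# Names worth flagging when they appear in a document that claims to be an
# invoice. Legacy OLE2 files store stream names and most text as UTF-16LE,
# so every marker is searched in both encodings.
MACRO_MARKERS = [
    "_VBA_PROJECT",       # VBA project storage
    "Auto_Open",          # Excel auto-run macro name
    "AutoOpen",           # Word auto-run macro name
    "Workbook_Open",
    "Shell",
    "CreateObject",
    "URLDownloadToFile",
]
URL_BYTES_RE = re.compile(rb"https?://[\x21-\x7e]+")
URL_TEXT_RE = re.compile(r"https?://[\x21-\x7e]+")


def container_type(data):
    """Identify the container from its magic bytes, ignoring the extension."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "ooxml-zip"
    return "unknown"


def find_markers(data):
    """Return the macro-related markers present in ASCII or UTF-16LE form."""
    found = set()
    for marker in MACRO_MARKERS:
        if marker.encode("ascii") in data or marker.encode("utf-16-le") in data:
            found.add(marker)
    return sorted(found)


def _utf16_text(data):
    # Decode at both byte alignments so UTF-16LE strings at odd offsets are
    # not missed; invalid code units are dropped.
    return "\n".join(data[i:].decode("utf-16-le", errors="ignore") for i in (0, 1))


def find_urls(data):
    """Return URLs embedded as plain ASCII or as UTF-16LE text."""
    urls = {u.decode("ascii", "replace") for u in URL_BYTES_RE.findall(data)}
    urls.update(URL_TEXT_RE.findall(_utf16_text(data)))
    return sorted(urls)


def triage(name, data):
    """Build a report; the sha256 is what you would look up on VirusTotal."""
    report = {
        "name": name,
        "size": len(data),
        "sha256": hashlib.sha256(data).hexdigest(),
        "container": container_type(data),
        "macro_markers": find_markers(data),
        "urls": find_urls(data),
    }
    # A file called .xls that is not an OLE2 container is itself a red flag
    # (renamed OOXML, HTML or scripts are a common lure).
    report["extension_mismatch"] = (
        name.lower().endswith(".xls") and report["container"] != "ole2"
    )
    report["suspicious"] = bool(
        report["macro_markers"] or report["urls"] or report["extension_mismatch"]
    )
    return report


# Constructed samples, not the real attachment from the post.
SAMPLE_MACRO_XLS = (
    OLE2_MAGIC + b"\x00" * 64
    + "Auto_Open".encode("utf-16-le") + b"\x00" * 8
    + b'CreateObject("WScript.Shell")' + b"\x00"
    + "http://example.invalid/ref.exe".encode("utf-16-le") + b"\x00" * 16
)
SAMPLE_CLEAN_XLS = OLE2_MAGIC + b"\x00" * 32 + "Sheet1".encode("utf-16-le") + b"\x00" * 32
SAMPLE_RENAMED_HTML = b"<html><body>invoice</body></html>"

if __name__ == "__main__":
    for name, blob in (("ref_791186.xls", SAMPLE_MACRO_XLS),
                       ("ref.xls", SAMPLE_CLEAN_XLS),
                       ("invoice.xls", SAMPLE_RENAMED_HTML)):
        print(triage(name, blob))
```

The marker list is deliberately short; a real triage would hand the file to a proper OLE parser, but this string-level pass already separates a macro-bearing or mislabelled attachment from a plain spreadsheet, and the sha256 lets you check VirusTotal without uploading the file.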