“Your Amazon.co.uk order has dispatched (#203-2083868-0173124)” Spam / Virus

Posted on November 3, 2014 by thecomputerperson

A family member had an email today titled “Your Amazon.co.uk order has dispatched (#203-2083868-0173124)” with attachment ORDER-203-2083868-0173124.doc

Upon opening it requires Macros to be enabled (Macro is here), once enabled it contacts
http://garfield67.de/1.exe – Virustotal Report // Malwr Report
And downloads the file and saves it to (or similar):
C:\Users\USERNAME\AppData\Local\Temp\SUVCKSGZTGK.exe

It then communicates with CnC server:

http://84.40.9.34/er4MwnMr9/i1/eUOnP/%20P_ErTo

inetnum: 84.40.9.0 – 84.40.9.255
netname: HWUK-VPS1
descr: Virtual Private Servers
country: EU
admin-c: HM2016-RIPE
tech-c: HM2016-RIPE
status: ASSIGNED PA
mnt-by: HOSTWAYEU-MNT
source: RIPE # Filtered

This entry was posted in Uncategorized. Bookmark the permalink.

1 Response to “Your Amazon.co.uk order has dispatched (#203-2083868-0173124)” Spam / Virus

Pingback: Failed Fax Transmission to 01616133969@fax.tc | thecomputerperson

Comment on this topic

Enter your comment here...

Fill in your details below or click an icon to log in:

Email (required) (Address never made public)

Name (required)

Website

You are commenting using your WordPress.com account. ( Log Out / Change )

You are commenting using your Twitter account. ( Log Out / Change )

You are commenting using your Facebook account. ( Log Out / Change )

Cancel

Connecting to %s

%d bloggers like this: