OTRO MAIL MALICIOSO QUE LLEGA DESDE MALASIA ANEXANDO KEYLOGGER REMCOS

Se está recibiendo nuevo mail masivo que anexa fichero ICO malicioso conteniendo un KEYLOGGER REMCOS que pasamos a controlar a partir del ELISTARA 40.75 de hoy

El TEXTO DE DICHO MAIL ES EL SIGUIENTE

______________________________________

Asunto: RE: Order SV 26 + Price List 2018 Confirmation + Request for Quotation/ Payment
De: Davidb Jackson <davidb.jackson@hammondtractor.com>
Fecha: 22/02/2019 23:02
Para: DESTINATARIO

We spoke with your colleague on the phone and we were asked to contact you.

We plan to place our official order for the year 2019.
Your company provided us with your pricelists and offer November 2018 (See attached your pricelist for your reference)

Find your attached pricelist and update us if they are still workable for our new order?
We hope you can retain the previous quoted price in 2018.

We have cleared all old debts, find attached herewith our proof of payment too.

NOTE: Our Company Name Changed February 15, 2019. All old documents remain valid.
We are clearing all outstanding bill payments owed to our previous company name.

Thank you.

Warm Regards,

Davidb Jackson

Caldbeck Macgregor (M) Sdn Bhd

No.9, Jalan Pemaju U1/15, Seksyen U1,

Hicom Glenmarie Industrial Park,

40150 Shah Alam, Selangor, Malaysia.

Tel : +603-5569 2283 (Ext:315) Fax : +603-5569 2383

anexado: Order_026647845.ISO —> contiene fichero .COM con el mismo nombre, que es un KEYLOGGER REMCOS

______________

El preanalisis de virustotal sobre dicho fichero ofrece el siguiente informe>

Como otros REMCOS, queda residente y genera la carpeta REMCOS donde deposita el log.dat con lo que va capturando

Lo pasamos a controlar a partir del ELISTARA 40.75 de hoy.

saludos

ms, 25-2-2019