Thursday, April 16, 2015

This fake banking email leads to malware.

From:    invoice@bankline.ulsterbank.ie [invoice@bankline.ulsterbank.ie]
Date:    2 April 2015 at 11:46
Subject:    Outstanding invoice

Dear [victim],

Please find the attached copy invoice which is showing as unpaid on our ledger.

To download your invoice please click here

I would be grateful if you could look into this matter and advise on an expected payment date.

Courtney Mason
Credit Control
Tel: 0845 300 2952

The link in the email leads to a download location at hightail.com (the sample I saw downloaded from https://www.hightail.com/download/e?phi_action=app/directDownload&fl=SWhZekZucVhVbTlFQlFJWjA4bnVnVE9yZWt5UmdteDRsUjJuWENHRzVZbz0 ) which is a file called Doc_0062119-LQ.zip which in turn contains the malicious executable Doc_0062119-LQ.scr.

The executable has a VirusTotal detection rate of 3/57 and has characteristics that identify it as Upatre. Automated analysis tools [1] [2] [3] [4] [5] show that it downloads additional components from:

eduardohaiek.com/images/wicon1.png
edrzambrano.com.ve/images/wicon1.png

It also POSTs data to 141.105.141.87 (Makiyivka Online Technologies Ltd, Ukraine) in a characteristic Upatre manner:

http://141.105.141.87:13840/0204uk11/HOME/0/51-SP3/0/ELHBEDIBEHGBEHK

According to the Malwr report, the downloader drops a file gkkjxyz22.exe which has a detection rate of 2/57. This is probably the Dyre banking trojan.

Recommended blocklist:
141.105.140.0/22
eduardohaiek.com
edrzambrano.com

MD5s:
4c666564c1db6312b9f05b940c46fa9a
876900768e06c3df75714d471c192cc6
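As an added example (not part of the original post), here is a small Python script that turns the indicators above into a check that can be run over web proxy logs and a list of observed file hashes. The blocklist range, the two download hosts, the check-in URL and the MD5s are taken from the post; the log lines are constructed, and the regular expression for the check-in path is an assumption generalised from the single URL shown above, so treat matches on it as a lead to investigate rather than a definite Upatre hit.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Indicators as listed in the post above (blocklist, download hosts, MD5s).
BLOCK_NETS = [ipaddress.ip_network("141.105.140.0/22")]
BLOCK_DOMAINS = {"eduardohaiek.com", "edrzambrano.com", "edrzambrano.com.ve"}
BAD_MD5S = {
    "4c666564c1db6312b9f05b940c46fa9a",
    "876900768e06c3df75714d471c192cc6",
}

# Shape of the Upatre check-in seen in the post:
#   http://141.105.141.87:13840/0204uk11/HOME/0/51-SP3/0/ELHBEDIBEHGBEHK
# Assumption (not stated in the post): the path layout
#   /<campaign>/HOME/<n>/<os-tag>/<n>/<uppercase-token>
# is stable enough across samples to be worth matching on its own.
CHECKIN_PATH_RE = re.compile(r"^/[A-Za-z0-9]+/HOME/\d+/[A-Za-z0-9.-]+/\d+/[A-Z]{8,}$")


def host_is_blocked(host):
    """True if host is a blocked domain (or a subdomain of one) or an IP in a blocked range."""
    host = host.lower().rstrip(".")
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal: compare against the domain list.
        return any(host == d or host.endswith("." + d) for d in BLOCK_DOMAINS)
    return any(addr in net for net in BLOCK_NETS)


def classify_url(url):
    """Return a short reason string if the URL matches an indicator, else None."""
    parsed = urlparse(url)
    host = parsed.hostname
    if host is None:
        return None
    blocked = host_is_blocked(host)
    checkin = CHECKIN_PATH_RE.match(parsed.path) is not None
    if blocked and parsed.path.endswith("/images/wicon1.png"):
        return "upatre payload fetch (wicon1.png) from blocked host"
    if blocked and checkin:
        return "upatre check-in to blocked host"
    if blocked:
        return "contact with blocked host/range"
    if checkin:
        return "url path shaped like an upatre check-in (unlisted host)"
    return None


def scan_proxy_log(lines):
    """Scan proxy log lines of the form '<ts> <client> <method> <url> <status>'."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        parts = line.split()
        if len(parts) < 5:
            continue  # malformed line: skip rather than guess
        client, method, url = parts[1], parts[2], parts[3]
        reason = classify_url(url)
        if reason:
            hits.append((lineno, client, method, reason))
    return hits


def known_bad_hashes(md5s):
    """Intersect observed MD5s (any case) with the two hashes from the post."""
    return {h.lower() for h in md5s} & BAD_MD5S


# Constructed sample log, not real traffic. Line 5 uses a documentation
# address (203.0.113.9) to show the path-shape rule firing on an unlisted host.
SAMPLE_LOG = [
    "2015-04-02T11:52:03 10.0.0.14 GET http://www.hightail.com/download/e?phi_action=app/directDownload 200",
    "2015-04-02T11:52:41 10.0.0.14 GET http://eduardohaiek.com/images/wicon1.png 200",
    "2015-04-02T11:52:42 10.0.0.14 GET http://edrzambrano.com.ve/images/wicon1.png 404",
    "2015-04-02T11:53:10 10.0.0.14 POST http://141.105.141.87:13840/0204uk11/HOME/0/51-SP3/0/ELHBEDIBEHGBEHK 200",
    "2015-04-02T11:53:11 10.0.0.14 POST http://203.0.113.9:13840/0204uk11/HOME/0/51-SP3/0/ELHBEDIBEHGBEHK 200",
    "2015-04-02T11:54:00 10.0.0.22 GET http://example.com/index.html 200",
]

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
    print(known_bad_hashes(["4C666564C1DB6312B9F05B940C46FA9A"]))
```

The hightail.com line is deliberately left unflagged: the post does not recommend blocking that service, and the file-sharing host is only the delivery point, so a proxy check should key on the second-stage hosts, the blocklist range and the check-in shape instead.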