The next in the never ending series of malware downloaders is an email with the subject of Account Statement coming from Morton Lintern <Morton.firstname.lastname@example.org> delivers Dridex banking trojan
I am also seeing other similar subjects including: Outstanding Statement
There will be numerous different versions of this malware coming from random email@example.com and very probably a load of other newly created and registered domains sending this banking trojan.
They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and open the attachment.
This vbs file downloads the Dridex trojan from http://fbl.com.sg/JHG76w23? ( VirusTotal) There will numerous other download sites involved in this malware campaign.
There are 3 sites set as an array in the vbs file. In this example the sites are: fbl.com.sg/JHG76w23?” | “signlight.com.au/JHG76w23?” | “pesonamas.co.id/JHG76w23?”. The VBS attempts to contact the first site in the list and moves on through the others until one responds and gives the Dridex Banking Trojan
To read the original article: