Author Topic: DOCX/DOC Trojan downloader (in spanish)  (Read 665 times)

0 Members and 1 Guest are viewing this topic.

Offline andresu

  • Newbie
  • *
  • Posts: 1
DOCX/DOC Trojan downloader (in spanish)
« on: December 12, 2018, 09:07:37 PM »
Hi,
I have been reading the forum, and I cannot find some reference to a new type of viruses that is spreading by email in Argentina.
The users receive a spoofed mail with real data (name, subject, and sign). This mails are sent using smtp servers different to the original domain name.

The mail claims to user to open an DOC / DOCX attached, called "Factura.docx" or variants, and relies in the user curiosity to open.

I have attached a sample, (please rename to DOC, due to forum cannot allow post of doc files)

 and here is the virustotal detection:  https://www.virustotal.com/#/file/5df2004a2013e136c42770dec6a6a128819ffa86d35ec811aca59ecf8d935b9e/community

I have subitted this sample too, to Avast viruslab - but I have received a confirmation as "False positive report".

This appears to be affecting only users in Argentina.

Waiting for your comments.

Offline Asyn

  • Avast √úberevangelist
  • Certainly Bot
  • *****
  • Posts: 70273
    • >>>  Avast Forum - Deutschsprachiger Bereich  <<<
Re: DOCX/DOC Trojan downloader (in spanish)
« Reply #1 on: December 13, 2018, 05:29:20 AM »
You can report a suspicious/malicious sample (File/Website) here: https://www.avast.com/report-malicious-file.php
W8.1 [x64] - Avast PremSec 21.4.2463.B4i [UI.617] - EEK - Firefox ESR 78.10.1 [NS/uBO/PB] - TB 78.10.1
Avast-Tools: Secure Browser 90.1 - Cleanup 21.1 - SecureLine 5.11 - Driver Updater 21.1 - CCleaner 5.78
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0