The bait is a shipping receipt, attached as an .xlsm file. If opened, the file contacts a link chosen at random from an internal list and downloads a DLL, which starts the malware infection.
Technical analysis by the Malware Hunter JAMESWT
New cybercrime campaign spreading MassLogger. The bait is always fake invoices. The .doc file contacts a link from which the malware is downloaded.
MassLogger is still attacking with the usual fake invoice bait coming from a real company. The attachment contains a .doc file which, if opened, contacts a link from which the malware is downloaded. The malware is a keylogger that steals login credentials and sensitive data, which are transmitted to C2 servers via SMTP.
The fake mail from the real company
The flow of data exfiltrated via SMTP
DNS HTTP/HTTPS requests / Connection