The email attachment contains an exe file, the malware itself, which downloads other payloads. At the moment, however, it is not known what they are.
Technical analysis by the Malware Hunter JAMESWT
Azorult’s global campaign also arrives in Italy. The decoy is a fake order from a Taiwanese company. If opened, the xls attachment contacts a link that redirects the victim to a malicious site, which downloads the malware.
Azorult’s global campaign also arrives in Italy. In the past few hours, fake emails purporting to come from a real Shanghai company, and referring to an alleged order of products, have been circulating. If opened, the xls attachment of the message contacts a link that redirects the user to a malicious site from which the malware is downloaded. The targets appear to be companies. Azorult is an information stealer that takes browser history, cookies, IDs and passwords, cryptocurrency and other information. It can also act as a downloader for other malicious payloads. A variant of it, however, is able to create a new hidden administrator account on the infected computer, in order to set the registry keys that enable a Remote Desktop Protocol (RDP) connection.
The fake email
The xls attachment
The link redirection
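For defenders, the variant behaviour described above (a new hidden administrator account followed by RDP-related registry changes) can be hunted by correlating account and registry events per host. The following is an added example, not code from the article or from JAMESWT's analysis. It assumes Windows Security events 4720/4732 and Sysmon event 13 as the log sources, and since the article does not name the registry keys, it assumes the standard `fDenyTSConnections` and `SpecialAccounts\UserList` values; all hosts, accounts and events are constructed.

```python
from datetime import datetime, timedelta

ADMINS_SID = "S-1-5-32-544"     # well-known SID of the built-in Administrators group
WINDOW = timedelta(minutes=10)  # assumed correlation window, tune per environment
# Assumed registry values (not named in the article), lower-cased for matching:
RDP_KEY = r"\control\terminal server\fdenytsconnections"  # 0 = RDP allowed
HIDE_KEY = r"\winlogon\specialaccounts\userlist" + "\\"   # <user> = 0 hides the account

def ev(host, time, eid, **fields):
    return {"host": host, "time": datetime.fromisoformat(time), "id": eid, **fields}

# Constructed sample events (Security 4720/4732, Sysmon 13); not real telemetry.
NEW_SID = "S-1-5-21-1111-2222-3333-1005"
SAMPLE = [
    ev("WS-042", "2024-01-01T10:00:05", 4720, TargetUserName="svc_upd", TargetSid=NEW_SID),
    ev("WS-042", "2024-01-01T10:00:07", 4732, TargetSid=ADMINS_SID, MemberSid=NEW_SID),
    ev("WS-042", "2024-01-01T10:00:20", 13, Details="DWORD (0x00000000)",
       TargetObject=r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\SpecialAccounts\UserList\svc_upd"),
    ev("WS-042", "2024-01-01T10:00:31", 13, Details="DWORD (0x00000000)",
       TargetObject=r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"),
    # Benign: an admin account is created, but no registry changes follow.
    ev("WS-090", "2024-01-01T11:00:00", 4720, TargetUserName="tmp_admin", TargetSid="S-1-5-21-1111-2222-3333-1006"),
    ev("WS-090", "2024-01-01T11:00:03", 4732, TargetSid=ADMINS_SID, MemberSid="S-1-5-21-1111-2222-3333-1006"),
    # Benign: RDP explicitly disabled (value 1), no account activity.
    ev("WS-077", "2024-01-01T12:00:00", 13, Details="DWORD (0x00000001)",
       TargetObject=r"HKLM\System\CurrentControlSet\Control\Terminal Server\fDenyTSConnections"),
]

def find_hidden_admin_rdp(events, window=WINDOW):
    """Alert when a newly created account is added to Administrators and, within
    the window on the same host, RDP is enabled or the account is hidden."""
    alerts = []
    for created in (e for e in events if e["id"] == 4720):
        near = [e for e in events if e["host"] == created["host"]
                and timedelta(0) <= e["time"] - created["time"] <= window]
        promoted = any(e["id"] == 4732 and e["TargetSid"] == ADMINS_SID
                       and e["MemberSid"] == created["TargetSid"] for e in near)
        zeroed = [e["TargetObject"].lower() for e in near
                  if e["id"] == 13 and e["Details"].endswith("(0x00000000)")]
        rdp_on = any(k.endswith(RDP_KEY) for k in zeroed)
        hidden = any(k.endswith(HIDE_KEY + created["TargetUserName"].lower()) for k in zeroed)
        if promoted and (rdp_on or hidden):
            alerts.append({"host": created["host"], "account": created["TargetUserName"],
                           "rdp_enabled": rdp_on, "hidden_from_logon": hidden})
    return alerts

if __name__ == "__main__":
    for alert in find_hidden_admin_rdp(SAMPLE):
        print(alert)
```

Requiring the group change and a registry change together keeps routine account provisioning and unrelated RDP policy changes from alerting on their own.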