Analysis by: Jan Lemuel Gonzalvo


Our engineers caught a spam campaign making the rounds that uses a fake legal acknowledgement notification urging the user to digitally sign it. The sample contains a link that directs the user to a site hosting a document with HANCITOR malware embedded inside it.

The HANCITOR malware family and its variants use DLLs and embedded executables to download additional payloads. Users affected by this malware may find their systems exhibiting malicious routines from these additional payloads.

Users are always advised to carefully check the emails they receive and verify that they are legitimate before opening them, or opening any attachments or links they contain.

Trend Micro customers are fully protected against this threat.
SPAM BLOCKING DATE / TIME: May 18, 2017 GMT-8
TMASE INFO
  • ENGINE: 8.1
  • PATTERN: 3076.007