Payment to <email>
Random order number and purchase amount
Link to Dropbox
The download link goes to variations on https://www.dropbox.com/s/xxx/Invoice_294.PDF.scr?dl=1. The retrieved file for this sample has filename GBWNkgcdZ5GFTcBjE6gXTflu3VPLZDCX3zDEXM4ku35IhUrh5haqM9jidSC4nVkF@dl=1, sha256 b4b0d32c8aba6b319587f0828e607327fcdc763a39af4a0479efd2ec49fba949. VirusTotal finds only 1 of 54 tested AV detect it (as Spyware.Zbot.VXGen).
This is a different subject, hash, and detection from what Malcovery reported yesterday, but is still consistent with the Gameover Zeus botnet.
If you receive this spam, don't click the link.
