This is a version of Nanocore RAT being delivered via a fake Purchase Order. The file has an invalid, Expired Digital Signature that says Google. It is reasonably well detected by Antiviruses although most of them are Generic / Heuristic detections. This attempts to connect to a dynamic DNS service youngboss84.ddns.net. It looks like the dynamic dns service that has shut it down because we are given a 0.0.0.0 IP address as a look up . They use email addresses and subjects that will entice a user to read the email and open the attachment. A very high proportion are being targeted … Continue reading →