Wednesday, 31 December 2014

Costco Acceptance of Order malware

Costco Acceptance of Order malware has just arrived in time for the New Year...

Headers:
From: Costco
Reply-To: Costco
Subject: Acceptance of Order
Message body:
Our online store Costco.com received an order and the personal data of the recipient coincide with yours.

You may get your order in the nearest Local Store.

Attention! Your order can be reserved within 4 days.

You may see order details here.

Truly yours,
Costco.com


Clicking on the link from a Windows system gives you a zip file (the name is based on the IP address location):

Costco_OrderID-110143-Nantwich.zip
Clicking on the link with a non-Windows system...Yes, Windows 9x...




On the Windows machine, inside the zip, is a Windows executable:
Costco_OrderID-110143-Nantwich.exe


VirusScanner Reports:
MD5 Hash: 01bfae48c34156b7a9aa4c01d6988110
VirusTotal Report: [8/55] (a variant of Win32/Kryptik.CULP)
Malwr Report
Hybrid-Analysis Report
Cheers,

Steve
Sanesecurity.com
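
A triage check for the download described above, as an added example that is not part of the original post: it flags a zip whose name follows the Costco_OrderID pattern, that carries an executable member named after the archive, or whose member matches the MD5 listed here. The function names, extension list, size cap and sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import re
import zipfile

# Naming scheme shown in the post: Costco_OrderID-<digits>-<place>.zip
LURE_NAME = re.compile(r"^Costco_OrderID-\d+-[^/\\]+\.zip$", re.IGNORECASE)
# MD5 of the extracted executable, as listed in the post.
KNOWN_MD5 = {"01bfae48c34156b7a9aa4c01d6988110"}
# Assumed list of directly runnable Windows extensions (not from the post).
EXECUTABLE_EXT = (".exe", ".scr", ".com", ".pif")
MAX_HASH_BYTES = 20 * 1024 * 1024  # assumed cap, avoids hashing zip bombs


def inspect_zip(archive_name, data):
    """Return the reasons a downloaded archive resembles this campaign."""
    reasons = []
    if LURE_NAME.match(archive_name):
        reasons.append("archive name matches lure pattern")
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons + ["unreadable zip"]
    stem = archive_name.rsplit(".", 1)[0].lower()
    with zf:
        for info in zf.infolist():
            member = info.filename
            if not member.lower().endswith(EXECUTABLE_EXT):
                continue
            reasons.append("executable member: " + member)
            if member.rsplit(".", 1)[0].lower() == stem:
                reasons.append("member name mirrors archive name")
            # Encrypted or oversized members cannot be hashed safely here.
            if info.flag_bits & 0x1 or info.file_size > MAX_HASH_BYTES:
                continue
            if hashlib.md5(zf.read(info)).hexdigest() in KNOWN_MD5:
                reasons.append("MD5 matches the sample in the post")
    return reasons


def build_sample(archive_name, members):
    """Build an in-memory zip from constructed, harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return archive_name, buf.getvalue()
```

Because the place name in the file name changes with the recipient's IP address location, the pattern and structure checks matter more than any single file name, and the low detection count above suggests the hash alone will miss repacked variants.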
