Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Costco Acceptance of Order malware

Wednesday, 31 December 2014

Costco Acceptance of Order malware

Costco Acceptance of Order malware has just arrived in time for the New Year...

Headers:

From: Costco
Reply-To: Costco
Subject: Acceptance of Order

Message body:

Our online store Costco.com received an order and the personal data of the recipient coincide with yours.

You may get your order in the nearest Local Store.

Attention! Your order can be reserved within 4 days.

You may see order details here.

Truly yours,
Costco.com

Clicking on the link with a Windows system gives you a zip file (name based on IP address location)

Costco_OrderID-110143-Nantwich.zip

Clicking on the link with an non-Widows system...Yes, Windows 9x...

On the Windows machine, Inside the zip, is Windows executable:

Costco_OrderID-110143-Nantwich.exe

VirusScanner Reports:

Md5 Hash: 01bfae48c34156b7a9aa4c01d6988110
VirusTotal Report : [ 8 / 55] (a variant of Win32/Kryptik.CULP)
Malwr Report
Hybrid-Analysis Report

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday, 31 December 2014

Costco Acceptance of Order malware

No comments: