in the form of an HTML email, with an attached Zip.
Headers:
Message body:
Your most recent ADP invoice is attached for your review.
If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.
Thank you for choosing ADP for your business solutions.
Important: Please do not respond to this message. It comes from an unattended mailbox.
The auto-downloaded Zip file is (note: the downloaded filename is random):
invoice_418270412.pdf.zip
On the Windows machine, inside the zip, is a Windows executable (note the dual extension):
invoice_418270412.pdf.scr
MD5 hashes:
f98d0db9c365cf08235fc30c41276ef8
Malware Information:
VirusTotal Report [1] (hits 10/57 Virus Scanners)
hybrid-analysis Report [1] [Very Detailed]
Malwr Report [1]
Summary:
Performs some HTTP requests
Steals private information from local Internet browsers
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup
Cheers,
Steve
Sanesecurity.com