Alert Summary:
Info from SantanderBillpayment.co.uk, SantanderBillPayment_Slip. Thank you for using BillPay email with an attached SantanderBillPayment_Slip malicious ZIP file.
Headers:
Message body:
From: "Santanderbillpayment-noreply@SantanderBillPayment.co.uk"
Subject: Info from SantanderBillpayment.co.uk
Attached to the email is a Zip file:
Thank you for using BillPay. Please keep this email for your records.
The following transaction was received on 22 January 2015 at 09:18:37.
Payment type: VAT
Customer reference no: 7975402
Card type: Visa Debit
Amount: GBP 4,777.00
For more details please check attached payment slip.
Your transaction reference number for this payment is IR7975402.
Please quote this reference number in any future communication regarding this payment.
Yours sincerely,
Banking Operations
Inside the Zip file is a windows executable: (Note the double extension)
SantanderBillPayment_Slip7975402 .zip
SantanderBillPayment_Slip987412.pdf.exe
MD5 Hashes:
Malware Information:
b2cdef905b8c9fa7d018190e1a6ada5b [1]
VirusTotal Report [1] (hits11/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]
Cheers,
Steve
Sanesecurity.com
No comments:
Post a Comment