Thursday, 22 January 2015

Info from, Thank you for using BillPay

Alert Summary:

Info from, SantanderBillPayment_Slip. Thank you for using BillPay email with an attached SantanderBillPayment_Slip malicious ZIP file.

From: ""
Subject: Info from
Message body:
Thank you for using BillPay. Please keep this email for your records.

The following transaction was received on 22 January 2015 at 09:18:37.

Payment type:          VAT
Customer reference no: 7975402
Card type:            Visa Debit
Amount:                GBP 4,777.00

For more details please check attached payment slip.

Your transaction reference number for this payment is IR7975402.

Please quote this reference number in any future communication regarding this payment.

Yours sincerely,

Banking Operations
Attached to the email is a Zip file:
Inside the Zip file is a windows executable: (Note the double extension)

MD5 Hashes:
b2cdef905b8c9fa7d018190e1a6ada5b [1]
Malware Information:
VirusTotal Report [1] (hits11/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report  [1]



No comments: