WARNING: downloaded zip file is reported as: Cryptolocker.Suspicious by QuickHeal Anti-Virus (not confirmed)
Headers:
From: "HSBC Advising Service" {Bankline.Administrator@nutwest.com}
Subject: Payment Advice - Advice Ref:[GB109055] / CHAPS credits
(Note: the Ref. is random)
Message body:
Sir/Madam,
Please download document from dropbox, payment advice is issued at the
request of our customer. The advice is for your reference only.
Download link:
http://www.bosleymanagement DOT com/NATWEST_RELEASES/bankline.html
Yours faithfully,
Global Payments and Cash Management
HSBC
This is an auto-generated email, please DO NOT REPLY. Any replies to
this email will be disregarded.
Security tips
1. Install virus detection software and personal firewall on your
computer. This software needs to be updated regularly to ensure you have
the latest protection.
2. To prevent viruses or other unwanted problems, do not open
attachments from unknown or non-trustworthy sources.
3. If you discover any unusual activity, please contact the remitter of
this payment as soon as possible.
*******************************************************************
This e-mail is confidential. It may also be legally privileged. If you
are not the addressee you may not copy, forward, disclose
or use any part of it. If you have received this message in error,
please delete it and all copies from your system and notify the
sender immediately by return e-mail.
Internet communications cannot be guaranteed to be timely, secure, error
or virus-free. The sender does not accept liability
for any errors or omissions.
*******************************************************************
"SAVE PAPER - THINK BEFORE YOU PRINT!"
The auto-downloaded zip file is: (Note: the downloaded filename is random)
doc140_pdf.zip
On the Windows machine, inside the zip, is a Windows executable (note the dual extension):
doc726_pdf.exe
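A mail-gateway style check for the naming trick noted above (an executable whose name ends in a document-like token, as in `_pdf.exe`), as an added example that is not part of the original post. The extension lists and function names are assumptions chosen for illustration, and the sample archive is constructed with placeholder bytes.

```python
import io
import re
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly (illustrative subset, an assumption).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Document types a lure commonly pretends to be (assumption).
DOCUMENT_HINTS = {"pdf", "doc", "docx", "xls", "xlsx", "rtf", "txt", "jpg"}


def disguised_executables(zip_bytes):
    """Return zip member names that are executables posing as documents."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Basename only; Windows ignores trailing dots/spaces in names.
            name = PurePosixPath(info.filename.replace("\\", "/")).name
            name = name.lower().rstrip(". ")
            stem, dot, ext = name.rpartition(".")
            if not dot or ext not in EXECUTABLE_EXTS:
                continue
            # Catch "x.pdf.exe", "x_pdf.exe" and space-padded "x.pdf   .scr":
            # the last non-empty token of the stem names a document type.
            tokens = [t for t in re.split(r"[._\- ]+", stem) if t]
            if tokens and tokens[-1] in DOCUMENT_HINTS:
                flagged.append(info.filename)
    return flagged


def build_sample_zip(names):
    """Constructed sample: an in-memory zip holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(
        ["doc726_pdf.exe", "statement.pdf", "setup.exe", "advice.pdf   .scr"]
    )
    print(disguised_executables(sample))
```

A plain `setup.exe` is deliberately not flagged here: the check targets the disguise, so a policy that blocks all executables in archives would sit alongside it.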
Malware Information:
MD5 hashes:
ac5bcb9d2d7f2dc9e36649f25232ee7f
10f19f8b9fba32aa2d53bcf48e277c67
bb983668e38ab0bd7ca93b42850b0e8f
VirusTotal Report [1] (hits 5/57 Virus Scanners)
VirusTotal Report [2] (hits 5/57 Virus Scanners)
Jotti Report [2] (hits 3/22 Virus Scanners)
Malwr Report [1]
Malwr Report [2]
Summary:
Error: Analysis failed: The package "modules.packages.zip" start function raised an error: Unable to execute the initial process, analysis aborted.
Sanesecurity signatures are blocking this as: Sanesecurity.Malware.24688
Cheers,
Steve
Sanesecurity.com
12 comments:
Just seen a big bunch of these come in, around 3pm (uk time).
Just had ten of these in the last twenty mins
Thanks for your info
Me too, around 5 emails within the past half hour. Just reported them to GoDaddy
Just had 4 of these come in, in like 10 mins. Do NOT open!
Can this file auto download to a Mac?
13 of these in a space of 10 minutes!
Me too, six in the last ten min.
Just had over 50 to two separate and unrelated accounts. Reported to phishing@hsbc.com
Yep, I've been getting quite a few of these since yesterday the 14th of January and today, the 15th.
We just received about 150 of these since yesterday.
Looking into it, these scumbags have at least 6 different domains they are using for the scam. Fake company sites seem to be the hosts for the naughty files, with a GoDaddy domain sending the emails. I have already called GoDaddy and forwarded the email to them. Sick to death of these absolute bottom feeders. Is there any way somebody can reveal who these people are? We have had multiple attempts on our company, totally sick to death of it.
>Just seen a big bunch of these come in, around 3pm (uk time).
We had a bunch of them between 8AM and 9AM CST, which would be between 2PM and 3PM UK time.