Wednesday, 28 January 2015

RBS Morning commentary malware

RBS Morning commentary malware:

Headers:
From: "RBS.COM" {no-replay@rbs.com}
Subject: RBS Morning commentary
Message body:
PLEASE REFER TO THE DETAILS BELOW IF YOU ARE HAVING PROBLEMS READING THE ATTACHED FILE.

 Please do not contact your Treasury Centre for technical issues - these
should be routed to RBS FM support.

The attached file is in zip format; first you have to unzip it
(self-extracting archive, Adobe PDF) and then it can be viewed in Adobe
Acrobat Reader 3.0 or above. If you do not have a copy of the software
please contact your technical support department.

ALL SUMMARIES OF RESEARCH REPORTS INCLUDED IN THIS PAGE CONSTITUTE PART
OF THE RELEVANT REPORT WHICH IS ATTACHED AND ARE THEREFORE COVERED BY
THAT DOCUMENT'S DISCLAIMER AND DISTRIBUTION RESTRICTIONS.

Attached to the email is a ZIP file:
attachment3237001.zip

On the Windows machine, Inside the zip, is Windows executable
attachment.exe

Md5 Hashes:
cb2e98722e485cdf926f66451e57f2fa [1]

Malware Information:

VirusTotal Report [1] (hits 2/57 Virus Scanners)

Malwr Report [1]


Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

No comments: