Sanesecurity ClamAV blog: zero hour malware, phishing and scams: RE: Invoice #9675296 Sage BACs malware

Monday, 26 January 2015

RE: Invoice #9675296 Sage BACs malware in the form of a html email, with an attached BACs-9675296.zip

Headers:

From: "Sage.co.uk" {no-reply@sage.co.uk}
Subject: RE: Invoice #9675296

Message body:

Please remit BACs before 26/01/2015. The document attached.

Attached to the email is a ZIP file:

BACs-9675296.zip

On the Windows machine, Inside the zip, is Windows executable

BACs-912847.scr

Md5 Hashes:

147a717aabd60e676dea50da322c3ccd

Malware Information:

VirusTotal Report [1] (hits 5/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams