Monday, 26 January 2015

Re:Informacje o płatności malware

Malware sent with the subject "Re:Informacje o płatności" ("Re: Payment information"), in the form of an HTML email with an attached ZIP file.

Headers:
Subject: Re:Informacje o płatności
Message body (Polish for "The order has been registered under number"):
>Zamówienie zostało zarejestrowane pod numerem
>
>POL8821223

Attached to the email is a ZIP file:
NR_POL8668436_xls.zip

On a Windows machine, the ZIP contains a Windows executable (note the dual extension):
NR_POL1329021_xls.exe
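
A mail-gateway style check for the attachment described above, as an added example that is not part of the original post: it flags executables inside a ZIP whose name carries a decoy document extension, including the underscore form (`_xls.exe`) that a plain `.xls.exe` match would miss. The extension lists and function names are assumptions, and the sample archive is constructed with placeholder bytes.

```python
import io
import re
import zipfile

# Extensions Windows will execute directly (assumed list, extend as needed).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-type tokens used as a decoy just before the real extension (assumed list).
DECOY_TOKENS = {"xls", "xlsx", "doc", "docx", "pdf", "txt", "jpg", "rtf"}
# Matches a trailing "<sep><token>" in the stem, where sep is ".", "_", "-" or a space.
DECOY_RE = re.compile(r"[._\- ]([A-Za-z0-9]{2,4})$")


def classify_member(name):
    """Return 'disguised-executable', 'executable' or None for one ZIP member name."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip()
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext.lower() not in EXECUTABLE_EXTS:
        return None
    m = DECOY_RE.search(stem)
    if m and m.group(1).lower() in DECOY_TOKENS:
        return "disguised-executable"
    return "executable"


def scan_zip(data):
    """List (member name, verdict) for every flagged member of a ZIP given as bytes."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            verdict = classify_member(info.filename)
            if verdict:
                findings.append((info.filename, verdict))
    return findings


def build_sample_zip():
    """Constructed sample: harmless placeholder bytes under the file name from this post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("NR_POL1329021_xls.exe", b"placeholder, not a real binary")
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for name, verdict in scan_zip(build_sample_zip()):
        print(f"{verdict}: {name}")
```
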

MD5 hash:
51016a2f21b4734d3fb02654b7a370aa

Malware Information:

VirusTotal Report (hits: 3/57 virus scanners)

Malwr Report

Summary:


Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup

Hybrid Analysis Report

Cheers,

Steve
Sanesecurity.com
