Wednesday, 21 January 2015

RE:Oficjalna wiadomość malware

"RE:Oficjalna wiadomość" subject malware in the form of an HTML email, with an attached ZIP file...

Headers:
From: szostek@vp.pl
Subject: RE:Oficjalna wiadomość
Message body:
>
> Witam
> przesyłam w załączeniu

Attached to the email is a ZIP file:
doc_2015-01-21_.zip

On a Windows machine, inside the ZIP is a Windows executable (note the dual extension):
doc_2015-01-21_doc.exe

MD5 hashes:
02fc528acf1e416b43f1683ebebfc41b
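
A mail gateway or triage script can flag this attachment pattern by listing the ZIP members, reporting anything Windows would execute, and marking names where a document-style token sits just before the real extension. This is an added example, not part of the original post: the extension lists, the size cap and the names triage_zip and build_sample are assumptions, and the sample archive is constructed with harmless content.

```python
import hashlib
import io
import re
import zipfile

# Extensions Windows runs directly (assumed list, not taken from the post).
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-type token right before the real extension, e.g. "_doc.exe", ".pdf.exe".
DECOY = re.compile(r"[._\-\s](docx?|xlsx?|pdf|rtf|txt|jpe?g|png)$", re.IGNORECASE)
MAX_HASH_SIZE = 50 * 1024 * 1024  # assumed cap so oversized members are not unpacked


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that Windows would execute."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            stem, dot, ext = name.rpartition(".")
            if not dot or "." + ext.lower() not in EXECUTABLE_EXT:
                continue
            md5 = None
            if info.file_size <= MAX_HASH_SIZE:
                md5 = hashlib.md5(zf.read(info)).hexdigest()
            findings.append({
                "name": name,
                "decoy_extension": bool(DECOY.search(stem)),
                "md5": md5,  # compare against published hashes
            })
    return findings


def build_sample() -> bytes:
    """Constructed archive: same member naming pattern, harmless bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("doc_2015-01-21_doc.exe", b"MZ constructed placeholder, not malware")
        zf.writestr("readme.txt", b"constructed benign member")
        zf.writestr("setup.exe", b"MZ constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample()):
        print(finding)
```

Any executable inside a mail attachment is worth holding for review; the decoy_extension flag separates the deliberately disguised names from ordinary installers.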

Malware Information:

VirusTotal Report [1] (hits 4/57 Virus Scanners)

Malwr Report [1]

Summary:

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Executed a process and injected code into it, probably while unpacking
Installs itself for autorun at Windows startup

Hybrid-Analysis Report: [1] (Detailed)

Cheers,

Steve
Sanesecurity.com
