with a subject This is your Remittance Advice.
The Excel attachment has a random file name. However, these emails aren't from Saint Gobain UK SGBD National Payments Centre at all; the company name is just being used to make the email look more genuine, i.e. from a real company.
Message Headers (Note that the email address is random):
From: "Elise"
Subject: This is your Remittance Advice #VCO26607
Message Body:
DO NOT REPLY TO THIS EMAIL ADDRESS
Please find attached your remittance advice from Saint Gobain UK.
For any queries relating to this remittance please notify the Payment Enquiry Team on 01484334407
Regards,
SGBD National Payments Centre
One example of the random attachment file name:
ZYVI47493.xls
MD5 hashes:
4f8564d80c1ad702ea9ea408c8d222d8
5f1b2eef4b7f1fd919f82f5c756531a0
ab6335a9f9d616f9bc767e553299898d
c12819787eb0d5949a507b50ab1d18cb
Malware Macro document information:
VirusTotal Report [1] (hits 0/56 Virus Scanners)
VirusTotal Report [2] (hits 0/56 Virus Scanners)
VirusTotal Report [3] (hits 0/56 Virus Scanners)
VirusTotal Report [4] (hits 0/56 Virus Scanners)
Malwr Report [1]
Decoded Macro [1]
Sanesecurity signatures are blocking this as: Sanesecurity.Malware.24675.XlsHeur
Cheers,
NOTE
The current round of Word and Excel attachments are targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information regarding your bank accounts (either by key logging, taking auto-screenshots or copying information from your clipboard (copy/paste)).
Steve
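
The indicators listed in this post, turned into a mail triage check. This is an added example, not part of the original post and not Sanesecurity's signature logic. The subject regex (it assumes the reference after "#" varies per message), the `_VBA_PROJECT` macro heuristic, the function names and the sample sender address are assumptions; the sample message is constructed and carries no macro.

```python
import hashlib
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# MD5 hashes listed in the post above.
KNOWN_MD5 = {
    "4f8564d80c1ad702ea9ea408c8d222d8", "5f1b2eef4b7f1fd919f82f5c756531a0",
    "ab6335a9f9d616f9bc767e553299898d", "c12819787eb0d5949a507b50ab1d18cb",
}
# Assumption: the reference after '#' varies per message, like the file name.
SUBJECT_RE = re.compile(r"^This is your Remittance Advice\b", re.I)
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")      # legacy .xls/.doc container
VBA_MARKER = "_VBA_PROJECT".encode("utf-16-le")     # macro storage stream name


def triage(raw: bytes) -> dict:
    """Return the indicators from the post that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    result = {"subject": bool(SUBJECT_RE.search(msg["Subject"] or "")),
              "xls": [], "known_md5": [], "ole_with_vba": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".xls"):
            result["xls"].append(name)
        if hashlib.md5(data).hexdigest() in KNOWN_MD5:
            result["known_md5"].append(name)
        # The samples scored 0/56 on VirusTotal, so hashes and signatures alone
        # are not enough: also flag any OLE2 file that carries a VBA project.
        if data.startswith(OLE2_MAGIC) and VBA_MARKER in data:
            result["ole_with_vba"].append(name)
    return result


def build_sample() -> bytes:
    """Constructed, harmless sample: OLE2 magic plus the marker, no real macro."""
    m = EmailMessage()
    m["From"] = '"Elise" <elise@example.invalid>'   # constructed address
    m["Subject"] = "This is your Remittance Advice #VCO26607"
    m.set_content("Please find attached your remittance advice.")
    fake_xls = OLE2_MAGIC + b"\x00" * 64 + VBA_MARKER
    m.add_attachment(fake_xls, maintype="application",
                     subtype="vnd.ms-excel", filename="ZYVI47493.xls")
    return m.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample()))
```

The byte search for `_VBA_PROJECT` is a coarse heuristic for the presence of a macro project in an OLE2 file; it says nothing about whether the macro is malicious, so treat a hit as a reason to quarantine and inspect.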