Tuesday, 27 January 2015

You have a new Secure Message NatWest Customer Support

You have a new Secure Message NatWest Customer Support malware in the form of a html email, with an attached SecureMessage.zip

Headers:
From: "NatWest" {secure.message@natwest.com}
Subject: You have a new Secure Message
Message body:
You have received a encrypted message from NatWest Customer Support

In order to view the attachment please open it using your email client ( Microsoft Outlook, Mozilla Thunderbird, Lotus )

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the NatWest Bank Secure Email Help Desk at 0131 556 9428.
Attached to the email is a ZIP file:
SecureMessage.zip

On the Windows machine, Inside the zip, is Windows executable (screen saver file)
document-09172.scr

Md5 Hashes:
76d03e0bd49b4f5868efd98295fa28bb

Malware Information:

VirusTotal Report [1] (hits 5/57 Virus Scanners)

Malwr Report [1]


Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

No comments: