Wednesday, 18 February 2015

BankLine secure message malware

A fake BankLine secure message is being spammed out, containing a link that auto-downloads a zip file.

Message Header:
From: "Bankline" {secure.message@bankline.natwest.com}
Subject: You have received a new secure message from BankLine
Message Body:
You have received a secure message.

Read your secure message by following the link bellow:

https://www.cubbyusercontent.com/pl/Secure_Message_006HDK671HH4.zip/_b8d77d1ec27e4a4faadde1e5717add1d
----------------
You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the Bankline Bank Secure Email Help Desk at 0131 556 8389.

First time users - will need to register after opening the attachment.
About Email Encryption - https://help.bankline.natwest.com/support/app/answers/detail/a_id/1671/kw/secure%20message
Download location:
https://www.cubbyusercontent.com/pl/Secure_Message_006HDK671HH4.zip/_b8d77d1ec27e4a4faadde1e5717add1d

Attachment filename:
Secure_Message_006HDK671HH4.zip

Inside the zip file is a Windows executable (note the double extension):
LND_Report_lnd0042375.exe.exe

MD5 hash:
b70bd61902fb50e84b44f2d4ea29a17e [1]

Malware information:

VirusTotal Report [1] (hits 2/57 Virus Scanners)

Malwr Report [1]

Hybrid-Analysis Report [1]
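
The two indicators above, an executable with a double extension inside a zip and the published MD5, can be checked automatically at a mail gateway or during triage. The following Python is an added example, not part of the original post; the extension list, the size cap and the function names are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import hashlib
import io
import zipfile

# Extensions Windows runs directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
KNOWN_MD5 = {"b70bd61902fb50e84b44f2d4ea29a17e"}  # MD5 published in the post
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # assumed cap so huge members are not unpacked


def split_exts(name):
    """Return lowercased extensions of a member name, e.g. ['.exe', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return ["." + p for p in base.lower().split(".")[1:] if p]


def triage_zip(data):
    """Inspect zip bytes; return one finding dict per suspicious member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = split_exts(info.filename)
            reasons = []
            if exts and exts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable")
                if len(exts) >= 2:  # more than one extension, as in .exe.exe
                    reasons.append("double-extension")
            md5 = None
            if info.file_size <= MAX_MEMBER_BYTES:
                md5 = hashlib.md5(zf.read(info)).hexdigest()
            if md5 in KNOWN_MD5:
                reasons.append("known-md5")
            if reasons:
                findings.append({"name": info.filename, "md5": md5, "reasons": reasons})
    return findings


def build_sample():
    """Constructed sample: placeholder bytes under the filename from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("LND_Report_lnd0042375.exe.exe", b"placeholder, not malware")
        zf.writestr("readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip(build_sample()))
```

The placeholder member is flagged on its name alone; the `known-md5` reason only appears when a member's bytes hash to the value listed in the post.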

Cheers,
Steve

1 comment:

Anonymous said...

Also sent as from Société Générale (avisdepaiement@societegenerale.fr)