BankLine secure message being spammed out containing a link to auto-download a zip file.
Message Header:
From: "Bankline" {secure.message@bankline.natwest.com}
Subject: You have received a new secure message from BankLine
Message Body:
You have received a secure message.
Download location:
Read your secure message by following the link bellow:
https://www.cubbyusercontent.com/pl/Secure_Message_006HDK671HH4.zip/_b8d77d1ec27e4a4faadde1e5717add1d
----------------
You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.
If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the Bankline Bank Secure Email Help Desk at 0131 556 8389.
First time users - will need to register after opening the attachment.
About Email Encryption - https://help.bankline.natwest.com/support/app/answers/detail/a_id/1671/kw/secure%20message
https://www.cubbyusercontent.com/pl/Secure_Message_006HDK671HH4.zip/_b8d77d1ec27e4a4faadde1e5717add1d
Attachment filename:
Secure_Message_006HDK671HH4.zip
Inside the Zip file is a Windows Executable: (Note the double extension)
LND_Report_lnd0042375.exe.exe
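A mail gateway or triage script can flag this pattern before anyone opens the archive. The following is an added example, not part of the original post: it lists ZIP members that carry an executable extension, a stacked extension such as `.exe.exe`, or an `MZ` header. The extension list and function names are assumptions, and the sample archive is constructed from placeholder bytes under the file name reported above.

```python
import io
import zipfile

# Extensions Windows runs or interprets directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}


def split_extensions(name):
    """Return the lower-cased extensions of a member's base name, e.g. ['.exe', '.exe']."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.split(".")
    return ["." + p.lower() for p in parts[1:] if p]


def inspect_zip(data):
    """Return (member_name, reasons) for each member of an unencrypted ZIP that looks risky."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            exts = split_extensions(info.filename)
            reasons = []
            if exts and exts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension " + exts[-1])
                if len(exts) > 1:
                    reasons.append("multiple extensions " + "".join(exts))
            # Only the first two bytes are read; 'MZ' marks a DOS/PE executable header.
            with zf.open(info) as member:
                if member.read(2) == b"MZ":
                    reasons.append("MZ header")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed archive: harmless placeholder bytes under the file name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("LND_Report_lnd0042375.exe.exe", b"MZ placeholder, not a real program")
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in inspect_zip(build_sample()):
        print(name, "->", "; ".join(reasons))
```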
MD5 hashes:
b70bd61902fb50e84b44f2d4ea29a17e [1]
Malware information:
VirusTotal Report [1] (hits 2/57 Virus Scanners) 
Malwr Report [1]
Hybrid-Analysis Report [1]
Cheers,
Steve
 
 
1 comment:
Also sent as from Société Générale (avisdepaiement@societegenerale.fr)