Thursday, 12 February 2015

BBB SBQ Form Accreditation Services email


BBB SBQ Form Accreditation Services email, containing a malicious zip file...

Headers (example):
From: "BBB Accreditation Services" {no-replay@newyork.bbb.org}
Subject: BBB SBQ Form

Message body (example):

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the
information we provide to potential customers is as accurate as
possible. In order for us to provide the correct information to the
public, we ask that you review the information that we have on file for
your company.

We encourage you to print this SBQ Form, answer the questions and
respond to us. (Adobe PDF)

Please look carefully at your telephone and fax numbers on this sheet,
and let us know any and all numbers used for your business (including
800, 900, rollover, and remote call forwarding). Our automated system is
driven by telephone/fax numbers, so having accurate information is
critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this
updated information.

Sincerely,

Accreditation Services


Attached to the email is a Zip file:
SQB Form.zip

Inside the zip, as seen on a Windows machine, is a Windows executable:
SQB Form.exe

MD5 hashes:
e85b4bdfb1169222b6984fbd603ff4c3  [1]

Malware Information:

VirusTotal Report [1] (hits 3/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]
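
A mail-gateway check for the pattern described above (a zip attachment whose member is a Windows executable, compared against the MD5 listed in this post), added here as an example and not part of the original post. The extension list, the function names and the inert sample message are assumptions constructed for illustration.

```python
import email, email.policy, hashlib, io, zipfile
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")       # assumed extension blocklist
KNOWN_MD5 = {"e85b4bdfb1169222b6984fbd603ff4c3"}  # MD5 listed in this post

def scan_message(raw):
    """Return one finding per executable member inside any zip attachment."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                by_name = info.filename.lower().endswith(EXEC_EXTS)
                encrypted = bool(info.flag_bits & 0x1)
                body = b"" if encrypted else zf.read(info)
                # Flag on extension, or on the DOS/PE "MZ" magic when readable
                if not (by_name or body[:2] == b"MZ"):
                    continue
                md5 = None if encrypted else hashlib.md5(body).hexdigest()
                findings.append({"zip": part.get_filename(),
                                 "member": info.filename,
                                 "md5": md5,
                                 "known": md5 in KNOWN_MD5})
    return findings

def build_sample():
    """Constructed message shaped like the one in the post; payload is inert."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SQB Form.exe", b"MZ constructed placeholder, not malware")
    msg = EmailMessage()
    msg["From"] = '"BBB Accreditation Services" <sender@example.invalid>'
    msg["Subject"] = "BBB SBQ Form"
    msg.set_content("We encourage you to print this SBQ Form. (Adobe PDF)")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="SQB Form.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The constructed sample is flagged on its member name and `MZ` header, but `known` stays false because its inert payload does not hash to the value listed in this post.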

Cheers,

Steve
Sanesecurity.com
