Monday, 9 February 2015

informujemy Termin spłaty długu email with Zip attachment malware...


informujemy Termin spłaty długu email with Zip attachment malware...

Headers: (example)
Subject: informujemy
Message body (example)
Termin spłaty długu
Attached to the email is a Zip file:
d_ug_10_01_2015_termin_13_02_2015_txt_.zip

On the Windows machine, Inside the zip, is Windows executable, trying to hide itself as a txt file:
dług_10_01_2015_termin_13_02_2015_txt_.exe

Md5 Hashes:
6159af6a7886a7d8bc48c1d508ecb73b  [1]
Malware Information:

VirusTotal Report [1] (hits 4/57 Virus Scanners)

Malwr Report [1]


Summary:
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
    Hybrid Analysis Report [1]

    Cheers,

    Steve
    Sanesecurity.com

    No comments: