Internal ONLY order_report.zip fake pdf malware
Headers: (example)
From: "Administrator" {Administrator@newburydata.co.uk}
Subject: Internal ONLY
Message body (example)
**********Important - Internal ONLY**********
File Validity: 11/02/2015
Company : http://domain.co.uk
File Format: Adobe Reader
Legal Copyright: Adobe Corporation.
Original Filename: Internal.pdf
********** Confidentiality Notice **********.
This e-mail and any file(s) transmitted with it, is intended for the exclusive use by the person(s) mentioned above as recipient(s).
This e-mail may contain confidential information and/or information protected by intellectual property rights or other rights. If you
are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken
in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this
e-mail in error, please notify the sender and delete the original and any copies of this e-mail and any printouts immediately from
your system and destroy all copies of it.
Attached to the email is a Zip file:
internal_31572.zip
On a Windows machine, inside the zip is a Windows executable:
internal_31572.scr
Md5 Hashes:
5f3e8e6891e96477d4d9cba602e86966 [1]
Malware Information:
VirusTotal Report [1] (hits 5/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]
Summary:
- Performs some HTTP requests
- The binary likely contains encrypted or compressed data.
Cheers,
Steve
Sanesecurity.com
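A triage check for attachments shaped like the one above, as an added Python example that is not part of the original post: it lists the zip members without extracting or running them and flags an executable extension, an MZ header, or a match against the MD5 published in this post. The extension list, function names and the sample zip are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs directly; a .scr "screensaver" is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# MD5 published in this post for internal_31572.scr.
KNOWN_BAD_MD5 = {"5f3e8e6891e96477d4d9cba602e86966"}

def triage_zip(data, known_md5=KNOWN_BAD_MD5):
    """Return one finding per suspicious member of a zip attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons, digest = [], None
            name = info.filename.replace("\\", "/")
            ext = PurePosixPath(name).suffix.lower()
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            if info.flag_bits & 0x1:
                # Password-protected member: contents cannot be inspected.
                reasons.append("encrypted member")
            else:
                content = zf.read(info)
                digest = hashlib.md5(content).hexdigest()
                if content[:2] == b"MZ":
                    reasons.append("MZ header (Windows executable)")
                if digest in known_md5:
                    reasons.append("MD5 matches published hash")
            if reasons:
                findings.append({"name": name, "md5": digest, "reasons": reasons})
    return findings

def build_sample():
    """Constructed, harmless attachment mirroring the layout described in the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("internal_31572.scr", b"MZ" + b"\x00" * 62)  # stub, not malware
        zf.writestr("notes.txt", b"constructed benign text file")
    return buf.getvalue()

if __name__ == "__main__":
    for f in triage_zip(build_sample()):
        print(f["name"], f["md5"], "; ".join(f["reasons"]))
```

The constructed stub will not match the published MD5; a hash match only confirms this exact sample, so the extension and header checks are what catch repacked variants.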
1 comment:
What do you do if the warning comes too late and you have already clicked on the zip, realised your mistake and then trashed it?