Thursday, 12 February 2015

international lottery GOOGLE INT form malware


Headers: (example)
From: "GOOGLE" {}
Subject: GOOGLE int
Message body (example)

Congratulations on your victory in the international lottery GOOGLE INT 
and win in the amount of 10,000 euro.
For winning fill out the form and send it to us investing in response.

Mr. Kan Hans
Trust Agency
New York
66, 4545,2

If you cann't open the file, download and install Adobe Acrobat.

Attached to the email is a Zip file. Inside the zip is a Windows executable:

MD5 hash:
433df3a8cd60e501ee0cb5b4849d82dc    [1]

Malware Information:

VirusTotal Report [1] (detected by 6 of 56 scanners)

Malwr Report [1]

  • Performs some HTTP requests
  • Looks up the external IP address domain:
  • Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
  • Creates an Alternate Data Stream (ADS)

Hybrid Analysis Report [1] [Detailed Report]
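Since the sample creates an Alternate Data Stream, a quick way to check a host for the same artefact is to enumerate named streams on files. The PowerShell below is an added example, not part of the original post or the sandbox reports; the starting folder is an assumed placeholder, and the benign Zone.Identifier (mark-of-the-web) stream is skipped so only unusual streams are listed.

```powershell
# Added example: hunt for NTFS alternate data streams (ADS) under a folder.
# Zone.Identifier is added to downloads by browsers and is expected; ':$DATA'
# is the file's main content. Anything else is worth a look.
function Find-AlternateDataStream {
    param(
        [string]$Path = "$env:USERPROFILE\Downloads",          # assumed folder
        [string[]]$IgnoreStreams = @(':$DATA', 'Zone.Identifier')
    )

    $md5 = [System.Security.Cryptography.MD5]::Create()

    Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        # Get-Item -Stream * returns one FileStreamInfo object per stream.
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $IgnoreStreams -notcontains $_.Stream } |
        ForEach-Object {
            # Read the stream via the "file:stream" path form so it can be hashed
            # and compared against the MD5 reported by the sandboxes above.
            $bytes = [System.IO.File]::ReadAllBytes("$($file.FullName):$($_.Stream)")
            $hash  = ($md5.ComputeHash($bytes) | ForEach-Object { $_.ToString('x2') }) -join ''
            [pscustomobject]@{
                File   = $file.FullName
                Stream = $_.Stream
                Bytes  = $_.Length
                MD5    = $hash
            }
        }
    }
}

# Usage: list unexpected streams in the Downloads folder of the current user.
Find-AlternateDataStream | Format-Table -AutoSize
```

Run it as the user whose profile received the attachment; a stream attached to a file that does not match the known hash is still worth submitting for analysis.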
