Thursday, 12 February 2015

international lottery GOOGLE INT form malware

Headers: (example)
From: "GOOGLE" {no-replay@ilottery.com}
Subject: GOOGLE int
Message body: (example)

Congratulations on your victory in the international lottery GOOGLE INT 
and win in the amount of 10,000 euro.
For winning fill out the form and send it to us investing in response.

***********************************************
Mr. Kan Hans
Mirrow
Trust Agency
TEL:+386225264263
Email:kan.hans@gmail.com
New York
66, 4545,2

***********************************************
If you cann't open the file, download and install Adobe Acrobat.
http://get.adobe.com/ru/reader/otherversions/


Attached to the email is a Zip file:
form.zip

Inside the zip is a Windows executable (the "fill out the form" PDF the message promises does not exist):
form.exe

MD5 hash:
433df3a8cd60e501ee0cb5b4849d82dc    [1]
Malware Information:

VirusTotal Report [1] (detected by 6 of 56 scanners at the time of submission)

Malwr Report [1]

Summary:
  • Performs some HTTP requests
  • Looks up the external IP address domain: checkip.dyndns.org
  • Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
  • Creates an Alternate Data Stream (ADS)

Hybrid Analysis Report [1] [Detailed Report]
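The two cheap checks a mail gateway can make on a message like this, before any sandboxing, are the mismatch between the brand in the From: display name and the sending domain, and the fact that the "form" attachment is a zip whose only member starts with an MZ header. The script below is an added example, not a Sanesecurity signature or anything from the reports linked above; it builds a constructed look-alike of the mail (the form.exe bytes inside are a fake MZ stub, not the real sample, so its hash deliberately does not match the MD5 listed above) and triages it. The brand list and the "block / suspicious / allow" verdict logic are assumptions for the example.

```python
"""Triage of a lottery-scam mail with a zipped executable (added example)."""
import email
import hashlib
import io
import re
import zipfile
from email.mime.application import MIMEApplication
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText

# MD5 from the post above. The constructed sample below will NOT match it.
KNOWN_BAD_MD5 = {"433df3a8cd60e501ee0cb5b4849d82dc"}
# Assumed brand list for display-name spoof checks (not from the post).
BRANDS = ("google", "microsoft", "paypal", "apple")
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")
PE_MAGIC = b"MZ"


def spoofed_brand(from_header):
    """Return the brand named in the display name if the sender domain does not
    contain it, e.g. '"GOOGLE" {no-replay@ilottery.com}' -> 'google'.
    Accepts both <addr> and the {addr} form seen in this spam run."""
    m = re.match(r'\s*"?([^"<{]*?)"?\s*[<{]([^>}]+)[>}]', from_header)
    if not m:
        return None
    name = m.group(1).lower()
    domain = m.group(2).lower().rsplit("@", 1)[-1]
    for brand in BRANDS:
        if brand in name and brand not in domain:
            return brand
    return None


def inspect_zip(data):
    """Hash every member and note why it looks like a dropper."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            content = zf.read(info)
            md5 = hashlib.md5(content).hexdigest()
            reasons = []
            if info.filename.lower().endswith(EXECUTABLE_EXTS):
                reasons.append("executable extension")
            if content[:2] == PE_MAGIC:
                reasons.append("PE header (MZ)")
            if md5 in KNOWN_BAD_MD5:
                reasons.append("known-bad MD5")
            findings.append({"name": info.filename, "md5": md5, "reasons": reasons})
    return findings


def triage(raw_message):
    """Parse an RFC 5322 message and score the From: header and attachments."""
    msg = email.message_from_bytes(raw_message)
    report = {"spoofed_brand": spoofed_brand(msg.get("From", "")), "attachments": []}
    for part in msg.walk():
        filename = part.get_filename()
        if not filename:
            continue
        payload = part.get_payload(decode=True)
        entry = {"name": filename, "md5": hashlib.md5(payload).hexdigest(), "contents": []}
        if zipfile.is_zipfile(io.BytesIO(payload)):
            entry["contents"] = inspect_zip(payload)
        report["attachments"].append(entry)
    dropper = any(c["reasons"] for a in report["attachments"] for c in a["contents"])
    if dropper:
        report["verdict"] = "block"
    elif report["spoofed_brand"]:
        report["verdict"] = "suspicious"
    else:
        report["verdict"] = "allow"
    return report


def build_sample_eml():
    """Constructed look-alike of the mail in the post. form.exe is a fake MZ stub."""
    fake_exe = b"MZ" + b"\x00" * 62 + b"constructed stub, not the real sample"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("form.exe", fake_exe)
    msg = MIMEMultipart()
    msg["From"] = '"GOOGLE" {no-replay@ilottery.com}'
    msg["Subject"] = "GOOGLE int"
    msg.attach(MIMEText("Congratulations on your victory in the international lottery "
                        "GOOGLE INT and win in the amount of 10,000 euro.", "plain"))
    att = MIMEApplication(buf.getvalue(), _subtype="zip")
    att.add_header("Content-Disposition", "attachment", filename="form.zip")
    msg.attach(att)
    return msg.as_bytes()


if __name__ == "__main__":
    for key, value in triage(build_sample_eml()).items():
        print(f"{key}: {value}")
```

Run stand-alone it prints verdict "block" because form.zip carries a member with both an executable extension and a PE header; the MD5 comparison is there so the same routine can be pointed at the real attachment once you have it.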

Cheers,

Steve
Sanesecurity.com
