International lottery GOOGLE INT form malware
Headers (example):

From: "GOOGLE" {no-replay@ilottery.com}
Subject: GOOGLE int

Message body (example):
Congratulations on your victory in the international lottery GOOGLE INT and win in the amount of 10,000 euro. For winning fill out the form and send it to us investing in response. *********************************************** Mr. Kan Hans Mirrow Trust Agency TEL:+386225264263 Email:kan.hans@gmail.com New York 66, 4545,2 *********************************************** If you cann't open the file, download and install Adobe Acrobat. http://get.adobe.com/ru/reader/otherversions/
Attached to the email is a Zip file:
form.zip
Inside the zip is a Windows executable:
form.exe
MD5 hash:
433df3a8cd60e501ee0cb5b4849d82dc

Malware information:
VirusTotal report (detected by 6 of 56 scanners)
Malwr report
Summary:
- Performs some HTTP requests
- Looks up the external IP address domain: checkip.dyndns.org
- Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
- Creates an Alternate Data Stream (ADS)
Hybrid Analysis report (detailed report)
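The lure delivers its payload as a zip attachment wrapping a Windows executable, so a mail-gateway check that looks inside archives catches this family regardless of the sender or subject. The script below is an added example, not Sanesecurity's code: it constructs a message in the same shape as the one above (the embedded zip and its form.exe stub are constructed, not the real sample), then flags archive members that are executables or that match the MD5 reported on this page.

```python
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# MD5 of the form.exe sample reported in this post.
KNOWN_BAD_MD5 = {"433df3a8cd60e501ee0cb5b4849d82dc"}
# Member extensions that have no business arriving inside a mailed archive.
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd")
MAX_MEMBER_SIZE = 50_000_000  # skip oversized members rather than inflate a zip bomb


def build_sample_email() -> bytes:
    """Constructed message mimicking the lure: form.zip containing a fake form.exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("form.exe", b"MZ" + b"\x00" * 62)  # PE-looking stub, not real code
    msg = EmailMessage()
    msg["From"] = '"GOOGLE" <no-replay@ilottery.com>'
    msg["Subject"] = "GOOGLE int"
    msg.set_content("Congratulations on your victory in the international lottery GOOGLE INT ...")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="form.zip")
    return msg.as_bytes()


def scan_email(raw: bytes) -> list[str]:
    """Return findings for zip attachments carrying executables or known-bad hashes."""
    findings = []
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_payload(decode=True) or b""
        # Check the magic bytes too, so renaming form.zip to form.dat does not bypass the check.
        if not (name.lower().endswith(".zip") or payload.startswith(b"PK")):
            continue
        try:
            zf = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            findings.append(f"{name}: unreadable zip attachment")
            continue
        for info in zf.infolist():
            if info.file_size > MAX_MEMBER_SIZE:
                findings.append(f"{name}/{info.filename}: member too large to inspect")
                continue
            data = zf.read(info)
            md5 = hashlib.md5(data).hexdigest()
            if md5 in KNOWN_BAD_MD5:
                findings.append(f"{name}/{info.filename}: known malware MD5 {md5}")
            if info.filename.lower().endswith(EXEC_EXTENSIONS) or data[:2] == b"MZ":
                findings.append(f"{name}/{info.filename}: executable inside archive")
    return findings
```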
Cheers,
Steve
Sanesecurity.com