Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Lloyds Commercial Banking you have new message malware

Monday, 9 February 2015

Lloyds Commercial Banking you have new message malware

Lloyds Commercial Banking you have new message malware is now arriving in the form of a html email, with an attached Zip file:

Headers:

From: "Lloyds Commercial Banking" {GrpLloydslinkHelpdesk@lloydsbanking.com}
Subject: You have a new message

Message body:

Dear Lloyds Link Customer,

You have a new message

There's a new message for you, messages contain information about your account, so it's important to view them
If you’ve chosen to use a shared email address, please note that anyone who has access to your email account will be able to view your messages
Please check attached message for more details.

Attached to the email is a Zip file, with a random filename:

ImportantMessage.zip

Inside the Zip file, is a dangerous scr file (Windows Executable file)

ImportantMessage.scr

Md5 Hashes:

1fd8281fbe160071940cd937c5c94861 [1]

Malware Information:

VirusTotal Report [1] (hits 3/57 Virus Scanners)

Malwr Report [1]

Summary:

Steals private information from local Internet browsers

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)

Creates an Alternate Data Stream (ADS)

Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Monday, 9 February 2015

Lloyds Commercial Banking you have new message malware

No comments: