Monday, 9 February 2015

Lloyds Commercial Banking you have new message malware

The "Lloyds Commercial Banking: You have a new message" malware is now arriving as an HTML email with an attached Zip file:


Headers:
From: "Lloyds Commercial Banking" {GrpLloydslinkHelpdesk@lloydsbanking.com}
Subject: You have a new message
Message body:

Dear Lloyds Link Customer,
 
You have a new message

There's a new message for you, messages contain information about your account, so it's important to view them

If you’ve chosen to use a shared email address, please note that anyone who has access to your email account will be able to view your messages
Please check attached message for more details.

Attached to the email is a Zip file, with a random filename:
ImportantMessage.zip
Inside the Zip file is a dangerous .scr file (a Windows executable file):
 ImportantMessage.scr

MD5 hashes:
1fd8281fbe160071940cd937c5c94861  [1]
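
A mail-gateway style check for the delivery method described above (a Zip attachment with a random filename hiding a .scr file), as an added example that is not part of the original post. The extension list, the size limit and the constructed sample message are assumptions; the MD5 is the one listed in the post.

```python
import hashlib
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows treats as runnable; .scr is the one used in this campaign.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# MD5 listed in the post (it does not say whether it is the .zip or the .scr).
KNOWN_BAD_MD5 = {"1fd8281fbe160071940cd937c5c94861"}
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap: skip hashing larger members

def scan_message(raw: bytes) -> list:
    """Return (file, reason) findings for every MIME part of a raw message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        name = part.get_filename() or "(unnamed)"
        if hashlib.md5(data).hexdigest() in KNOWN_BAD_MD5:
            findings.append((name, "known-bad MD5"))
        # Identify Zips by content: the attachment filename is random.
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                member = f"{name}!{info.filename}"
                # Windows ignores trailing dots/spaces, so strip them first.
                ext = os.path.splitext(info.filename.rstrip(". "))[1].lower()
                if ext in EXECUTABLE_EXTS:
                    findings.append((member, "executable in ZIP"))
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    continue  # encrypted or too large: name checked, content not
                if hashlib.md5(zf.read(info)).hexdigest() in KNOWN_BAD_MD5:
                    findings.append((member, "known-bad MD5"))
    return findings

def build_sample(member: str = "ImportantMessage.scr") -> bytes:
    """Constructed message: a Zip attachment holding a harmless dummy file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"constructed placeholder, not an executable")
    msg = EmailMessage()
    msg.set_content("Please check attached message for more details.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="a1b2c3.zip")
    return msg.as_bytes()
```
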
Malware Information:

VirusTotal Report [1] (hits 3/57 Virus Scanners)

Malwr Report [1]


Summary:
  • Steals private information from local Internet browsers
  • Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
  • Creates an Alternate Data Stream (ADS)
  • Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com
