Wednesday, 25 February 2015

Tracey Smith AquAid Card Receipt Word doc malware

Tracey Smith AquAid Card Receipt macro downloader: just an update on the malware that the macro downloads.

Download location:
jacekhondel.w.interia.pl/js/bin.exe

Downloaded bin.exe information:
MD5 hash: 244729de906a7f31af9827e2f04c4972 [1]
VirusTotal report: [1] scores 3/57 detections
Malwr Report [1]

Summary:
  • Starts servers listening on 0.0.0.0:80
  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
  • Creates a slightly modified copy of itself
  • Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com
