with an attached Zip file:
Headers:
From: "Payments Admin" {paymentsadmin@lloydstsb.co.uk}
Subject: You have received a new debit
Message body:
This is an automatically generated email by the Lloyds TSB PLC
LloydsLink online payments Service to inform you that you have receive a
NEW Payment.
The details of the payment are attached.
This e-mail (including any attachments) is private and confidential and
may contain privileged material. If you have received this e-mail in
error, please notify the sender and delete it (including any
attachments) immediately. You must not copy, distribute, disclose or use
any of the information in it or any attachments.
Attached to the email is a Zip file with a random filename:
details#59400111.zip
Inside the Zip file is a dangerous exe file (Windows systems):
details.exe
MD5 Hashes:
9d1d9c866ee1c3d4124980dc772a64eb [1]
Malware Information:
VirusTotal Report [1] (hits 3/57 virus scanners)
Malwr Report [1]
Summary:
- Steals private information from local Internet browsers
- Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
- Creates an Alternate Data Stream (ADS)
- Installs itself for autorun at Windows startup
Hybrid Analysis Report [1]
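A gateway-side check for the delivery method described above (an executable inside a Zip attachment), as an added example that is not part of the original post. The function names and the sample message are constructed for illustration; the sample holds an inert stub rather than the real file, and the MD5 it reports is the value you would compare against a known hash such as the one listed above.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly when the user double-clicks the file.
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def scan_message(raw: bytes) -> list:
    """Return one finding per risky file found inside Zip attachments."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # encrypted member: cannot inspect
                    findings.append({"zip": name, "member": info.filename,
                                     "reason": "encrypted", "md5": None})
                    continue
                body = zf.read(info)
                is_pe = body[:2] == b"MZ"  # DOS/PE header magic
                if is_pe or info.filename.lower().endswith(RISKY_EXT):
                    reason = "pe-header" if is_pe else "extension"
                    findings.append({"zip": name, "member": info.filename,
                                     "reason": reason,
                                     "md5": hashlib.md5(body).hexdigest()})
    return findings

def build_sample() -> bytes:
    """Constructed test message: harmless bytes, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("details.exe", b"MZ" + b"\x00" * 62)  # inert stub
        zf.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg["Subject"] = "You have received a new debit"
    msg.set_content("The details of the payment are attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="details#59400111.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in scan_message(build_sample()):
        print(finding)
```

The check reads each member fully into memory, so a production filter should also cap `info.file_size` before calling `zf.read`.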
Cheers,
Steve
Sanesecurity.com