Tuesday, 10 March 2015

2015 PMQ agreement American_Wholesale.zip

Headers:
From: {linda@pmq.com}
Subject: 2015 PMQ agreement
Message body: 

HI

I have Not received your signed contract for the 2015 ad campaign. If
you would please sign and return.

 Thank you Linda

 --

Watch our 2015 PMQ Media Kit here:
http://www.pmq.com/2015-PMQ-Media-Kit/

Linda Green / Co-Publisher
(662)234-5481 ext 121 / linda.pmq@gmail.com
cell (662)801-5495

PMQ Pizza Magazine Office: 662-234-5481 x121 / Fax: 662-234-0665
605 Edison Street, Oxford, MS 38655
http://www.pmq.com

DON'T FORGET TO RENEW YOUR SUBSCRIPTION TO THE MAGAZINE AT
http://www.pmq.com/Subscribe-PMQ/

Attached is a Zip file:
American_Wholesale.zip
Inside the Zip is a Windows Executable:
American_Wholesale.exe

SHA256 hash:
ae71d65a32303f1f129292420532be2c907d04a05c1aef9a429ecf487b578681
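As an added example (not from the original post or from Sanesecurity), the check a mail gateway or analyst would run on a lure like this one: open the zip attachment, flag members that are executables by extension or by PE header, and compare each member's SHA256 with the hash published above. The zip built here contains a harmless constructed "MZ" stub standing in for American_Wholesale.exe, not the real sample.

```python
import hashlib
import io
import zipfile

# SHA256 of the real American_Wholesale.exe, as published in the post.
KNOWN_BAD_SHA256 = {
    "ae71d65a32303f1f129292420532be2c907d04a05c1aef9a429ecf487b578681",
}
# Extensions that have no business arriving inside a mailed "contract" zip.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js")


def scan_zip_attachment(zip_bytes):
    """Return one finding per zip member: name, SHA256 and the reasons it was flagged.

    An empty reasons list means nothing suspicious was seen for that member.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            data = zf.read(info)
            digest = hashlib.sha256(data).hexdigest()
            reasons = []
            if info.filename.lower().endswith(EXECUTABLE_EXTENSIONS):
                reasons.append("executable extension")
            if data[:2] == b"MZ":  # PE/DOS header magic, whatever the extension says
                reasons.append("PE (MZ) header")
            if digest in KNOWN_BAD_SHA256:
                reasons.append("known Upatre hash")
            findings.append({"name": info.filename, "sha256": digest, "reasons": reasons})
    return findings


def build_sample_zip():
    """Constructed stand-in for the lure: an inert 'MZ' stub plus a text file, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("American_Wholesale.exe", b"MZ" + b"\x00" * 62 + b"PE\x00\x00")
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for f in scan_zip_attachment(build_sample_zip()):
        status = "FLAG" if f["reasons"] else "ok"
        print(f"{status:4} {f['name']} {f['sha256'][:16]}... {', '.join(f['reasons'])}")
```

The constructed stub does not match the published hash, so it is caught by the structural checks alone; a real Upatre sample would additionally hit the hash list.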

Malware Information:

VirusTotal Report (detected by 7/57 scanners)

Malwr Report

Hybrid Analysis Report
Description:
The malware in the zip is a trojan downloader commonly referred to as Upatre.

This downloader will then most likely fetch its partner in crime, Dyre.

Dyre is a Zeus-like banking Trojan that tries to capture as much of your online banking information as possible.

It is also used to send the same malware on to your contacts, using your own copy of Outlook and your bandwidth.


Cheers,

Steve
Sanesecurity.com

3 comments:

Anonymous said...

thanks steve

Josh Curtis said...

I've received this email 3 times in the past hour.

Allan F Wright III said...

220.79.227.87 originates in Korea
220.79.227.87 IP address location & more:
IP address [?]: 220.79.227.87 [Whois] [Reverse IP]
IP country code: KR
IP address country: Korea, Republic of
IP address state: n/a
IP address city: n/a
IP address latitude: 37.5700
IP address longitude: 126.9800
ISP of this IP [?]: Korea Telecom
Organization: Korea Telecom