Headers:
Subject: RE:PI FOR NEW ORDER
From: export@gmail.com
Message body:
Dear Sir,
Please see attached for your reference.
The proforma ivoice for new order to effect payment ASAP.
If you have any question or correction, please let me know.
Regards,
Mrs Haisha Abdul.
Sales Person,
Gulf Trade Co. Ltd
Al-Rai, Street No.22, Thailand
Tel : 1803803
Tel Fax : +(666) 24770292
Skype: annimohd6@gmail.com
There's a Rar file attached to the email:
Profoma Invoice.rar
Inside the Rar file is an exe file:
Sha256 Hashes:
Profoma Invoice.exe
cf32a6ee5f309d06590623f0a098833cbd48692bc131442088594f2fef6c00c2 [1]
Malware Anti-Virus Reports:
VirusTotal Report [1] (hits 16/51 Virus Scanners)
Malwr Report [1]
Malware Summary:
- Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
- Executed a process and injected code into it, probably while unpacking
- Installs itself for autorun at Windows startup
Cheers,
Steve
Sanesecurity.com