Tuesday, 10 March 2015

IMPORTANT - Confidential documents gov.uk CASE_ email with a zip attachment

IMPORTANT - Confidential documentsgov.uk CASE_ email with a zip attachment

Headers: (Note: From name is random)
From: "Dionne Bullard" {noreply@gov.uk}
Subject: IMPORTANT - Confidential documents
Message body: (Note: name is random)

Company Documents

To: steveb@x
Case: C0215942

Please scan attached document and fax it to +44 (0)303 1234 055 .

All web filed documents (with the exception of downloaded accounts templates) are available to view / download for 10 days after their original submission. Once accepted, these changes will be displayed on the public record. Not yet filing your accounts online? See how easy it is... For enquiries, please telephone the Service Desk on +44 (0)303 1234 819 or email enquiries@gov.uk This email was sent from a notification-only email address which cannot accept incoming mail. Please do not reply directly to this message.
Yours faithfully
Dionne Bullard
Senior Manager
Companies House
Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.

?2014 Companies House. All rights reserved.

Attached is a Zip file:
Inside the Zip is a Windows Executable:

Sha256 Hashes:
042e9e1be74fcd23d72860a01374f531bd5e5f0c20ddf992aef97572a1b66d6d    [1]

Malware Information:

VirusTotal Report [1] (hits 2/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]
The malware in the zip is a trojan downloader largely referred to as Upatre. 

This downloader will then probably download it's parter in crime

Dyre, is Zeus-like banking Trojan, which is trying to capture as much information about your online banking details as possible.

It's also being used to then send out the same malware to everyone else by using your own copy of outlook and your bandwidth.



1 comment:

Luna said...

Got same type of email today, and your post is much helpful to me.