Tuesday, 3 March 2015

Internal ONLY SecureMessage.zip malware seems to be on its way...


Headers:
From: "Administrator" {Administrator@yourdomain.co.uk}
Subject: Internal ONLY
Message body:
**********Important - Internal ONLY**********

File Validity: 03/03/2015
Company : http://newburydata.co.uk
File Format: Adobe Reader
Legal Copyright: Adobe Corporation.
Original Filename: Internal.pdf

********** Confidentiality Notice **********.


There's a Zip file attached to the email:
SecureMessage.zip

Inside the Zip file is a Windows Executable scr file:
     Internal.exe.scr
SHA256 Hashes:
0e4acd1f408ce308cc3c0ac1d1ce7ed0da7002550a8acab5090330d71fa7ee2c  [1]

Malware Information:

VirusTotal Report [1] (hits 6/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com
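
An added example, not part of the original post: a gateway-style check that opens a ZIP attachment in memory and flags members like the `Internal.exe.scr` file described above (executable extension, decoy double extension, SHA-256 on a blocklist). The function names, the extension list and the assumption that the published SHA-256 is that of the extracted file are choices made for this example; the sample archive is constructed from harmless bytes.

```python
import hashlib
import io
import zipfile

# Extensions Windows runs directly; .scr (screensaver) is an ordinary PE file.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Assumption: the hash published in the post is for the extracted member.
KNOWN_BAD_SHA256 = {
    "0e4acd1f408ce308cc3c0ac1d1ce7ed0da7002550a8acab5090330d71fa7ee2c",
}

def inspect_zip_attachment(zip_bytes, max_member_size=20 * 1024 * 1024):
    """Return one finding dict per suspicious member of a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Work on the base name only, case-insensitively.
            parts = info.filename.lower().rsplit("/", 1)[-1].split(".")
            exts = ["." + p for p in parts[1:]]
            reasons = []
            if exts and exts[-1] in EXECUTABLE_EXTS:
                reasons.append("executable extension " + exts[-1])
                if len(exts) >= 2:  # e.g. name.pdf.exe or name.exe.scr
                    reasons.append("double extension " + "".join(exts[-2:]))
            digest = None
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, content not hashed")
            elif info.file_size <= max_member_size:  # skip oversized members
                digest = hashlib.sha256(zf.read(info)).hexdigest()
                if digest in KNOWN_BAD_SHA256:
                    reasons.append("SHA-256 matches known-bad list")
            if reasons:
                findings.append(
                    {"name": info.filename, "sha256": digest, "reasons": reasons})
    return findings

def build_sample_zip():
    """Constructed sample: harmless bytes under the file name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Internal.exe.scr", b"MZ constructed placeholder, not malware")
        zf.writestr("readme.txt", b"benign text member")
    return buf.getvalue()

if __name__ == "__main__":
    for f in inspect_zip_attachment(build_sample_zip()):
        print(f["name"], f["sha256"], "; ".join(f["reasons"]))
```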
