Thursday, 19 March 2015

JP Morgan Access Secure Message Elwood Ritter

JP Morgan Access Secure Message Elwood Ritter emails.

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header:

From: "JP Morgan Access" {service@jpmorgan.com}
Subject: JP Morgan Access Secure Message
Message Body:
Please check attached file(s) for your latest account documents regarding your online account.

Elwood Ritter
Level III Account Management Officer
817-822-8313 office
817-342-3568 cell
Elwood.Ritter@jpmorgan.com

Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE

2015 JPMorgan Chase & Co.

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

The attached zip is called:
JP Morgan Access - Secure.zip
Inside the Zip is a Windows Executable:
JP Morgan Access - Secure.scr

SHA256 Hashes:
 55775ad6ebd6eb9b6f0f166678d89d13888d571dc5d0b094a58b6e5f16a699b2 [1]
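
A mail-gateway or analyst-side check for the attachment pattern described above (a zip whose payload is a `.scr` file), as an added example that is not part of the original post. The extension list, size limit and function names are assumptions, and the sample archive is constructed from harmless bytes.

```python
import hashlib
import io
import os
import zipfile

# Extensions Windows runs directly; .scr (screensaver) is an ordinary PE file.
# Assumed list for this example, not an exhaustive policy.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # do not inflate members larger than this


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member that Windows would execute."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces in file names.
            ext = os.path.splitext(info.filename.rstrip(". "))[1].lower()
            if ext not in EXECUTABLE_EXTS:
                continue
            finding = {"name": info.filename, "ext": ext, "sha256": None, "is_pe": None}
            encrypted = bool(info.flag_bits & 0x1)
            # Encrypted or oversized members are flagged by name only.
            if not encrypted and info.file_size <= MAX_MEMBER_BYTES:
                body = zf.read(info)
                finding["sha256"] = hashlib.sha256(body).hexdigest()
                finding["is_pe"] = body[:2] == b"MZ"  # DOS/PE header magic
            findings.append(finding)
    return findings


def build_sample() -> bytes:
    """Constructed sample: harmless bytes under the member name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("JP Morgan Access - Secure.scr", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for f in triage_zip(build_sample()):
        print(f)
```

The SHA256 of each flagged member can then be compared against hashes published in reports like this one.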

Malware Macro document information:
VirusTotal Report [1] (Detection ratio 10/57)
Malwr Report [1]
Hybrid Analysis Report [1]
Cheers,
Steve
