Message body:
From: "JP Morgan Access" {service@jpmorgan.com}
Subject: JP Morgan Access Secure Message
Please check attached file(s) for your latest account documents regarding your online account.
Malcolm Romero
Level III Account Management Officer
817-177-5708 office
817-359-4134 cell
Malcolm.Romero@jpmorgan.com
Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE
2015 JPMorgan Chase & Co.
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.
There's a Zip file attached to the email:
JP Morgan Access - Secure.zip
Inside the Zip file is a Windows executable (.scr) file:
SHA256 Hashes:
JP Morgan Access - Secure.scr
e6326d840a7656321ea9a946efb2a57f15ab6cf3b07a668e8a14bb56229150e [1]
Malware Information:
VirusTotal Report [1] (hits 5/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]
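The attachment layout described above (a Zip whose member is a Windows .scr executable) can be checked for at a mail gateway or during triage. This is an added example, not part of the original post; the function names and the extension list are assumptions, and the sample archive is constructed from harmless bytes.

```python
import hashlib
import io
import os
import zipfile

# Extensions Windows runs directly; a .scr "screensaver" is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def inspect_zip_attachment(data: bytes) -> list:
    """Return one finding per archive member that looks executable."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons, sha256 = [], None
            ext = os.path.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            if info.flag_bits & 0x1:
                # Password-protected member: content cannot be read or hashed here.
                reasons.append("encrypted member, content not inspected")
            else:
                with zf.open(info) as member:
                    head = member.read(2)
                    digest = hashlib.sha256(head)
                    for chunk in iter(lambda: member.read(65536), b""):
                        digest.update(chunk)
                sha256 = digest.hexdigest()
                if head == b"MZ":
                    reasons.append("MZ (DOS/PE) header")
            if reasons:
                findings.append({"name": info.filename, "sha256": sha256, "reasons": reasons})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: harmless bytes with an MZ prefix, named like the attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("JP Morgan Access - Secure.scr", b"MZ" + b"\x00" * 62)
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in inspect_zip_attachment(build_sample_zip()):
        print(finding)
```

The SHA256 is computed over the extracted member, not the Zip container, so it is the value to compare against a published file hash.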
Cheers,
Steve
Sanesecurity.com
2 comments:
Can you please share the payload?
Thanks for such details, this was very helpful to me.