Friday, 27 March 2015

MSBA 27th, 2015 NVDB@nasa.gov

MSBA 27th, 2015 NVDB@nasa.gov email.invoice email with a zip attachment...

Headers:
From: MSBA {NVDB@nasa.gov}
Subject: MSBA 27th, 2015

Message body:
Good Afternoon.

MSFC has posted the upcoming MSBA 27th event on NAIS and
Fed Biz Ops (Solicitation No.: SB-26790).

NAIS Posting:
Please click on
Mod. 1 Posting.

Attached is the MSBA Agenda.

Please join us for this event!

There's a Zip file attached to the email:
SXKPfUE:.zip

Inside the Zip file is a Windows Executable file:
MSFC.exe
Sha256 Hashes (one example)
84d24b6827f8f539fccab694c80966936317d576d26256ecd91524ea9dbae8c1  [1]

Malware Anti-Virus Reports (one example)
VirusTotal Report [1] (hits 3/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]

Cheers,
Steve
Sanesecurity.com

3 comments:

Anonymous said...

A quick search of the web revealed that this is an actual event posted by NASA. However, who in the HELL is dumb enough to click on an executable file that is placed in a ZIP file when that file is purported to contain a written agenda? Is this a VIRUS? I suspect that it is. But since I have more than 3 functioning brain cells, I would NEVER click on such a file. If this is legit, then whoever composed and sent out this email at NASA should be tied to the back of someone's truck and dragged to death for felonious STUPIDITY.

Anonymous said...

I received this e-mail 27mar2015 and deleted it. the attachment on the e-mail was DI8kSE4j.zip

Anonymous said...

attached zip file name varies by recipient. Spam filter previews each email attempt and each email has different file name