Headers:
Message body:
From: MSBA {NVDB@nasa.gov}
Subject: MSBA 27th, 2015
There's a Zip file attached to the email:
Good Afternoon. MSFC has posted the upcoming MSBA 27th event on NAIS and Fed Biz Ops (Solicitation No.: SB-26790). NAIS Posting: Please click on Mod. 1 Posting. Attached is the MSBA Agenda. Please join us for this event!
SXKPfUE:.zip
Inside the Zip file is a Windows Executable file:
Sha256 Hashes (one example)
MSFC.exe
84d24b6827f8f539fccab694c80966936317d576d26256ecd91524ea9dbae8c1 [1]
Malware Anti-Virus Reports (one example)
VirusTotal Report [1] (hits 3/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]
Cheers,
Steve
Sanesecurity.com
3 comments:
A quick search of the web revealed that this is an actual event posted by NASA. However, who in the HELL is dumb enough to click on an executable file that is placed in a ZIP file when that file is purported to contain a written agenda? Is this a VIRUS? I suspect that it is. But since I have more than 3 functioning brain cells, I would NEVER click on such a file. If this is legit, then whoever composed and sent out this email at NASA should be tied to the back of someone's truck and dragged to death for felonious STUPIDITY.
I received this e-mail 27mar2015 and deleted it. the attachment on the e-mail was DI8kSE4j.zip
attached zip file name varies by recipient. Spam filter previews each email attempt and each email has different file name
Post a Comment