Amazon3

Amazon

Monday, 23 March 2015

photo vodafone.com Pic_0004_mar2015.JPEG

photo vodafone.com Pic_0004_mar2015.JPEG incoming malware

Headers:
From: mail@vodafone.com
Subject: Re: photo
Message body:

Sent from my iPhone
----
sigismund 









There's a Zip file attached to the email:






Pic_0004_mar2015.JPEG.zip







Inside the Zip file is an exe file (Note: the double extension trick: dangerous executable:






Pic_0004_mar2015.JPEG.exe





Sha256 Hashes:






873c9ee854b3aee345262c49dda76c25cae146f5efc545b0ac99f53af2dd7c51  [1]









Malware Anti-Virus Reports:






VirusTotal Report [1] (hits 9/57 Virus Scanners)

Malwr Report [1] 






Malware Summary:






    

  • Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
    • 

  • Executed a process and injected code into it, probably while unpacking
    • 

  • Steals private information from local Internet browsers
    • 

  • Harvests credentials from local FTP client softwares
    • 

  • Connects to an IRC server, possibly part of a botnet
    • 

  • Creates an Alternate Data Stream (ADS)
    • 

  • Installs itself for autorun at Windows startup
    • 









Cheers,



Steve

Sanesecurity.com 








Posted by



at












































No comments:











Post a Comment







        

      









Subscribe to:
Post Comments (Atom)