Headers:
From: mail@vodafone.com
Subject: Re: photo

Message body:
Sent from my iPhone
----
sigismund
There's a Zip file attached to the email:
Pic_0004_mar2015.JPEG.zip
Inside the Zip file is an exe file (note the double-extension trick: the name ends in .JPEG.exe so a dangerous executable looks like a picture):
Sha256 Hashes:
Pic_0004_mar2015.JPEG.exe
873c9ee854b3aee345262c49dda76c25cae146f5efc545b0ac99f53af2dd7c51
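The double-extension trick is easy to catch at a mail gateway before the archive ever reaches a user. The following is an added example (not code from the original post or from Sanesecurity's signatures) showing two complementary checks on the members of a Zip attachment: a name check for a decoy extension followed by an executable one, and a content check for a PE ("MZ") header hiding under a non-executable extension. The lists of executable and decoy extensions, the sample archive, and the helper names are all assumptions constructed for the example; the member name Pic_0004_mar2015.JPEG.exe is the one from the email above.

```python
import io
import zipfile

# Assumed list: extensions Windows will run regardless of what precedes them.
EXECUTABLE_EXTENSIONS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
    ".vbs", ".js", ".jse", ".wsf", ".hta",
}
# Assumed list: extensions commonly used as the decoy half of a double-extension name.
DECOY_EXTENSIONS = {
    ".jpeg", ".jpg", ".png", ".gif", ".pdf", ".doc", ".docx", ".txt", ".xls",
}


def is_double_extension_executable(name: str) -> bool:
    """True if the file name ends in <decoy>.<executable>, e.g. photo.JPEG.exe."""
    base = name.lower().rsplit("/", 1)[-1]      # drop any directory part
    parts = base.split(".")
    if len(parts) < 3:                           # needs name + decoy + final extension
        return False
    final = "." + parts[-1]
    decoy = "." + parts[-2]
    return final in EXECUTABLE_EXTENSIONS and decoy in DECOY_EXTENSIONS


def suspicious_members(zip_bytes: bytes) -> dict:
    """Return {member_name: [reasons]} for members that look like disguised executables."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            if is_double_extension_executable(info.filename):
                reasons.append("double extension ending in an executable type")
            # Only the first two bytes are read, so an oversized member cannot
            # exhaust memory the way a full extraction could.
            with zf.open(info) as fh:
                magic = fh.read(2)
            looks_executable = info.filename.lower().endswith(tuple(EXECUTABLE_EXTENSIONS))
            if magic == b"MZ" and not looks_executable:
                reasons.append("PE header under a non-executable extension")
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample attachment; the contents are placeholders, not real files."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Pic_0004_mar2015.JPEG.exe", b"MZ placeholder, not a real binary")
        zf.writestr("holiday.jpg", b"\xff\xd8\xff placeholder JPEG bytes")
        zf.writestr("invoice.pdf", b"MZ placeholder with a misleading extension")
        zf.writestr("notes.txt", b"plain text, nothing to flag")
    return buf.getvalue()


if __name__ == "__main__":
    for member, reasons in suspicious_members(build_sample_zip()).items():
        print(f"{member}: {'; '.join(reasons)}")
```

The name check alone would have caught this sample; the magic-byte check covers the variant where the sender drops the executable extension entirely and relies on the user renaming or double-clicking the file.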
Malware Anti-Virus Reports:
VirusTotal Report (hits 9/57 Virus Scanners)
Malwr Report
Malware Summary:
- Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
- Executed a process and injected code into it, probably while unpacking
- Steals private information from local Internet browsers
- Harvests credentials from local FTP client software
- Connects to an IRC server, possibly part of a botnet
- Creates an Alternate Data Stream (ADS)
- Installs itself for autorun at Windows startup
Cheers,
Steve
Sanesecurity.com