Headers:
From: "Michael Walker" {Michael.Walker@bankline.natwest.com}
Subject: RE: Incident IM07413869
Message body:
Good Afternoon ,
Attached are more details regarding your account incident.
Please extract the attached content and check the details.
Please be advised we have raised this as a high priority incident and will endeavour to resolve it as soon as possible. The incident reference for this is IM07413869.
We would let you know once this issue has been resolved, but with any further questions or issues, please let me know.
Kind Regards,
Michael Walker
Level 2 Adviser | Customer Experience Team, IB Service & Operations
7th Floor, 1 Hardman Boulevard | Manchester | M3 3AQ | Depot code: 049
Tel: 0845 300 4108 | Email: Michael.Walker@bankline.natwest.com
The content of this e-mail is CONFIDENTIAL unless stated otherwise
There's a Zip file attached to the email:
Incident IM07413869.zip
Inside the Zip file is a Windows executable:
IM0743436407_pdf.exe
Sha256 hash:
60243596f8d978350fdacc417e9945d4da6bd713733fa31fc44611c7f8a8eba8
Malware Information:
VirusTotal Report (hits 3/57 Virus Scanners)
Malwr Report
Summary:
Steals private information from local Internet browsers
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup
Hybrid Analysis Report
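A mail-gateway style check for the pattern described above (a Windows executable with a document-style name inside a Zip attachment), added here as an example that is not part of the original post. The function names, the lure-name pattern and the sample archive are assumptions constructed for illustration; only the SHA-256 value is taken from this post.

```python
import hashlib
import io
import re
import zipfile

# SHA-256 of IM0743436407_pdf.exe as listed in this post.
KNOWN_BAD = {"60243596f8d978350fdacc417e9945d4da6bd713733fa31fc44611c7f8a8eba8"}

# Document-type token placed just before an executable extension,
# e.g. "IM0743436407_pdf.exe" (assumed pattern, not an exhaustive list).
LURE_NAME = re.compile(r"[ ._-](pdf|docx?|xlsx?|rtf|txt|jpe?g)\.(exe|scr|com|pif)$", re.I)


def scan_zip_attachment(data):
    """Return one finding per archive member that is a PE file or has a lure name."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            body = zf.read(info)
            digest = hashlib.sha256(body).hexdigest()
            is_pe = body[:2] == b"MZ"  # DOS/PE magic, independent of the file name
            lure = bool(LURE_NAME.search(info.filename))
            if is_pe or lure or digest in KNOWN_BAD:
                findings.append({
                    "name": info.filename,
                    "sha256": digest,
                    "is_pe": is_pe,
                    "lure_name": lure,
                    "known_bad": digest in KNOWN_BAD,
                })
    return findings


def build_sample_zip():
    """Constructed, harmless stand-in for the attachment (not the real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IM0743436407_pdf.exe", b"MZ" + b"\x00" * 62)  # fake PE stub
        zf.writestr("readme.txt", b"constructed benign member")
        zf.writestr("report.pdf", b"MZ-prefixed data under a document name")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_attachment(build_sample_zip()):
        print(finding)
```

The check reads the first bytes of each member rather than trusting its extension, so a PE file renamed to a document extension is still reported.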
Cheers,
Steve
Sanesecurity.com