Thursday, 5 March 2015

RE: Incident IM malware

From: "Michael Walker"
Subject: RE: Incident IM07413869
Message body:
Good Afternoon,

Attached are more details regarding your account incident.

Please extract the attached content and check the details.

Please be advised we have raised this as a high priority incident and will endeavour to resolve it as soon as possible. The incident reference for this is IM07413869.

We would let you know once this issue has been resolved, but with any further questions or issues, please let me know.

Kind Regards,

Michael Walker

Level 2 Adviser | Customer Experience Team, IB Service & Operations 7th Floor, 1
Hardman Boulevard | Manchester | M3 3AQ | Depot code: 049
Tel: 0845 300 4108 |Email: The content of this e-mail is CONFIDENTIAL unless stated otherwise

There's a Zip file attached to the email:

Inside the Zip file is a Windows executable:
SHA256 hash:
 60243596f8d978350fdacc417e9945d4da6bd713733fa31fc44611c7f8a8eba8   [1]

Malware Information:

VirusTotal Report [1] (detected by 3 of 57 virus scanners)

Malwr Report [1]


Steals private information from local Internet browsers
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup

Hybrid Analysis Report [1]


