Thursday, 5 March 2015

RE: Incident IM bankline.natwest.com malware

Headers:
From: "Michael Walker" {Michael.Walker@bankline.natwest.com}
Subject: RE: Incident IM07413869
Message body:
Good Afternoon ,

Attached are more details regarding your account incident.

Please extract the attached content and check the details.

Please be advised we have raised this as a high priority incident and will endeavour to resolve it as soon as possible. The incident reference for this is IM07413869.

We would let you know once this issue has been resolved, but with any further questions or issues, please let me know.

Kind Regards,

Michael Walker

Level 2 Adviser | Customer Experience Team, IB Service & Operations
7th Floor, 1 Hardman Boulevard | Manchester | M3 3AQ | Depot code: 049
Tel: 0845 300 4108 |Email: Michael.Walker@bankline.natwest.com
The content of this e-mail is CONFIDENTIAL unless stated otherwise




There's a Zip file attached to the email:
Incident IM07413869.zip

Inside the Zip file is a Windows executable:
IM0743436407_pdf.exe
SHA256 hash:
60243596f8d978350fdacc417e9945d4da6bd713733fa31fc44611c7f8a8eba8   [1]
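
A triage check for an attachment of this shape, as an added example that is not part of the original post: it lists ZIP members that have an executable extension, a document-style name ending such as _pdf.exe, or a PE "MZ" header, and reports each member's SHA256 so it can be compared against a published hash like the one above. The extension list, the function names and the sample archive (harmless constructed bytes under the member name from this post) are assumptions.

```python
import hashlib
import io
import re
import zipfile

# Extensions Windows will run directly when double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document type embedded just before the real extension, e.g. "_pdf.exe" or ".pdf.exe".
DOC_LURE = re.compile(r"[._ -](pdf|docx?|xlsx?|rtf|txt|jpe?g)$", re.IGNORECASE)


def triage_zip(zip_bytes, known_bad_sha256=frozenset()):
    """Return one finding dict per suspicious member of a ZIP attachment."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.rsplit("/", 1)[-1]
            stem, dot, ext = name.rpartition(".")
            ext = (dot + ext).lower() if dot else ""
            data = zf.read(info)
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable-extension")
                if DOC_LURE.search(stem):
                    reasons.append("document-name-lure")
            if data[:2] == b"MZ":
                reasons.append("pe-magic")
            digest = hashlib.sha256(data).hexdigest()
            if digest in known_bad_sha256:
                reasons.append("known-bad-hash")
            if reasons:
                findings.append({"member": name, "sha256": digest, "reasons": reasons})
    return findings


def build_sample_zip():
    """Constructed sample: harmless bytes under the member name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("IM0743436407_pdf.exe", b"MZ" + b"\x00" * 62)  # not real malware
        zf.writestr("readme.txt", b"constructed benign member")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```
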

Malware Information:

VirusTotal Report [1] (hits 3/57 Virus Scanners)

Malwr Report [1]

Summary:

Steals private information from local Internet browsers
Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
Creates an Alternate Data Stream (ADS)
Installs itself for autorun at Windows startup


Hybrid Analysis Report [1]

Cheers,

Steve
Sanesecurity.com
