Wednesday, 11 March 2015

RLayton Bensenville IL- Walk in cooler and freezer

RLayton Bensenville IL- Walk in cooler and freezer with a zip attachment

From: "RLayton"
Subject: Bensenville IL- Walk in cooler and freezer
Message body:


Does your company by chance buy used equipment? Please see the attached 

Please let me know.


Ryan M. Layton
Service Manager
Darwin Realty & Development Corporation
970 Oak Lawn Avenue
Suite 100
Elmhurst Il, 60126

Attached is a Zip file:
Inside the Zip is a Windows Executable:

Sha256 Hashes:
886c4c0ac36df5e07ee4acff26881aba61b9f00060b29a1018889eb763891a6b  [1]

Malware Information:

VirusTotal Report [1] (hits 1/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]
The malware in the zip is a trojan downloader largely referred to as Upatre. 

This downloader will then probably download its partner in crime, Dyre, a Zeus-like banking Trojan that tries to capture as much information about your online banking details as possible.

It is also used to send the same malware on to everyone else, using your own copy of Outlook and your bandwidth.
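A mail-gateway style check for the pattern described above (a zip attachment with a Windows executable inside), added here as an example and not taken from the original post. The extension list, size cap, file names and sample message are constructed assumptions, and the listed SHA-256 is assumed to be that of the executable.

```python
import email, hashlib, io, zipfile
from email import policy
from email.message import EmailMessage

# SHA-256 listed in the post (assumed here to be the executable's hash).
KNOWN_BAD = {"886c4c0ac36df5e07ee4acff26881aba61b9f00060b29a1018889eb763891a6b"}
EXEC_EXT = (".exe", ".scr", ".com", ".pif")   # assumed list of launchable extensions
MAX_MEMBER = 20 * 1024 * 1024                 # assumed cap, avoids unpacking zip bombs

def scan_message(raw: bytes) -> list:
    """Report zip attachments whose members look like Windows executables."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                reasons, digest = [], None
                if info.filename.lower().endswith(EXEC_EXT):
                    reasons.append("exe-extension")
                # Encrypted or oversized members cannot be inspected; judge by name only.
                if not (info.flag_bits & 0x1) and info.file_size <= MAX_MEMBER:
                    body = zf.read(info)
                    digest = hashlib.sha256(body).hexdigest()
                    if body[:2] == b"MZ":          # DOS/PE magic, survives a rename
                        reasons.append("mz-header")
                    if digest in KNOWN_BAD:
                        reasons.append("known-hash")
                if reasons:
                    findings.append({"attachment": part.get_filename(),
                                     "member": info.filename,
                                     "sha256": digest, "reasons": reasons})
    return findings

def build_sample(member: str, payload: bytes) -> bytes:
    """Constructed test message: harmless bytes zipped and attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, payload)
    m = EmailMessage()
    m["Subject"] = "Bensenville IL- Walk in cooler and freezer"
    m.set_content("Does your company by chance buy used equipment?")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="constructed_sample.zip")
    return m.as_bytes()
```

Because the header check looks at the first two bytes rather than the name, a member renamed to look like a document is still reported.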




Anonymous said...

Interesting. Four of these in the inbox this morning.

If not for that fact, and the fact the email refers to a PDF and the attachment is a zip ... might've gotten bit.

Many people do think our company buys used equipment ... we sell it.

Anonymous said...

Anyone getting these emails attend the AHR Expo in Chicago?

Anonymous said...

Didn't get me! Clever message, glad I didn't open, otherwise might not have a job by now.