Wednesday, 11 March 2015

RLayton Bensenville IL- Walk in cooler and freezer

RLayton Bensenville IL- Walk in cooler and freezer with a zip attachment

Headers:
From: "RLayton" {RLayton@darwinrealty.com}
Subject: Bensenville IL- Walk in cooler and freezer
Message body:

Hi,

Does your company by chance buy used equipment? Please see the attached 
PDF.

Please let me know.

Thanks

Ryan M. Layton
Service Manager
Darwin Realty & Development Corporation
970 Oak Lawn Avenue
Suite 100
Elmhurst Il, 60126
630.782.9520

Attached is a Zip file:
kmc350@da15030310080.zip
Inside the Zip is a Windows Executable:
kmc350@da15030310080.exe

SHA256 Hash:
886c4c0ac36df5e07ee4acff26881aba61b9f00060b29a1018889eb763891a6b
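As an added example (not part of Steve's original post), here is a Python triage script for messages like the one above: it parses an .eml, unpacks any zip attachment in memory, flags members that carry an executable extension or start with the PE "MZ" magic, and hashes each member so it can be compared against the SHA256 listed above. The message and zip are constructed inline; the .exe inside is a harmless fake stub, not the real Upatre sample, and KNOWN_BAD is just the one hash from this post.

```python
"""Added example (not from the original Sanesecurity post): unpack zip
attachments from an e-mail in memory and flag executables hidden inside."""
import email
import hashlib
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions that Windows will run directly when double-clicked.
EXEC_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}

# The SHA256 reported in the post; a real deployment would use a feed.
KNOWN_BAD = {"886c4c0ac36df5e07ee4acff26881aba61b9f00060b29a1018889eb763891a6b"}

# Constructed stand-in for the executable: PE 'MZ' magic followed by filler.
FAKE_EXE = b"MZ" + b"\x00" * 62 + b"fake-stub, not the real sample"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_sample_eml() -> bytes:
    """Construct a lookalike of the lure: the body talks about a PDF while the
    attachment is a zip holding an .exe. All data here is constructed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("kmc350@da15030310080.exe", FAKE_EXE)
    msg = EmailMessage()
    msg["From"] = "RLayton <RLayton@darwinrealty.com>"
    msg["Subject"] = "Bensenville IL- Walk in cooler and freezer"
    msg.set_content("Hi,\n\nDoes your company by chance buy used equipment? "
                    "Please see the attached PDF.\n")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="kmc350@da15030310080.zip")
    return msg.as_bytes()


def triage_message(raw: bytes) -> list[dict]:
    """Return one finding per zip member that looks executable."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Accept by extension or by zip magic, since lures rename freely.
        if not name.lower().endswith(".zip") and not data.startswith(b"PK\x03\x04"):
            continue
        try:
            zf = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            continue
        for info in zf.infolist():
            member = zf.read(info)
            ext = os.path.splitext(info.filename)[1].lower()
            is_pe = member[:2] == b"MZ"
            if ext not in EXEC_EXTENSIONS and not is_pe:
                continue
            digest = sha256_hex(member)
            findings.append({
                "attachment": name,
                "member": info.filename,
                "extension": ext,
                "is_pe": is_pe,
                "sha256": digest,
                "known_bad": digest in KNOWN_BAD,
                # The text promises a PDF but ships an executable: classic mismatch.
                "lure_mentions_pdf": "pdf" in body_text.lower(),
            })
    return findings


if __name__ == "__main__":
    for f in triage_message(build_sample_eml()):
        print(f)
```

In a mail gateway the same check would run before delivery; the mismatch between the body's "attached PDF" and an executable inside a zip is the signal the first commenter below noticed by eye.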

Malware Information:

VirusTotal Report (detected by 1 of 57 scanners)

Malwr Report

Hybrid Analysis Report

Description:
The executable in the zip is a trojan downloader commonly referred to as Upatre.

This downloader will then most likely fetch its partner in crime, Dyre.

Dyre is a Zeus-like banking Trojan that tries to capture as much of your online banking details as possible.

It is also used to spread itself further, sending the same malicious email to other people using your own copy of Outlook and your own bandwidth.


Cheers,

Steve
Sanesecurity.com

3 comments:

Anonymous said...

Interesting. Four of these in the inbox this morning.

If not for that fact, and the fact the email refers to a PDF and the attachment is a zip ... might've gotten bit.

Many people do think our company buys used equipment ... we sell it.

Anonymous said...

Anyone getting these emails attend the AHR Expo in Chicago?

Anonymous said...

Didn't get me! Clever message; glad I didn't open it, otherwise I might not have a job by now.