Headers:
From: Voicemail {admin@
Subject: Voicemail Message (07813297716) From:07813297716
Message body:
IP Office Voicemail redirected message
Attached is a Zip file: MSG00311.WAV.ZIP
Inside the Zip is a Windows Executable: MSG00311.WAV.exe
Sha256 Hashes:
a320ad9390d5c65b05e11683b150207f1c11c164baebef005e04dba476f968b7 [1]
Malware Information:
Description:
VirusTotal Report [1] (hits 3/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]
The malware in the zip is Dyre, a Zeus-like banking Trojan, which tries to capture as much information about your online banking details as possible.
It is also used to send the same malware on to everyone else, using your own copy of Outlook and your bandwidth.
Cheers,
Steve
Sanesecurity.com
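A mail-filter check for the lure described above, a zip attachment whose member looks like a voicemail recording but ends in an executable extension. This is an added example, not code from the original post; the function names and the two extension lists are assumptions chosen for illustration, and the sample message is constructed with harmless placeholder bytes.

```python
import hashlib
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists: extensions Windows will run, and harmless-looking decoys placed before them.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DECOY_EXTS = {"wav", "pdf", "doc", "jpg", "txt", "mp3"}


def deceptive_members(zip_bytes):
    """Return (member name, sha256) for executables posing as another file type."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            parts = info.filename.lower().rsplit(".", 2)  # e.g. msg00311 / wav / exe
            if (len(parts) == 3 and parts[1] in DECOY_EXTS
                    and parts[2] in EXECUTABLE_EXTS):
                digest = hashlib.sha256(zf.read(info)).hexdigest()
                hits.append((info.filename, digest))
    return hits


def scan_message(raw_email):
    """Check every .zip attachment of a raw RFC 5322 message."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip"):
            try:
                findings += deceptive_members(part.get_payload(decode=True))
            except zipfile.BadZipFile:
                # A zip the filter cannot read is worth quarantining too.
                findings.append((name, "unreadable-zip"))
    return findings


def build_sample():
    """Constructed test message: harmless bytes under the attachment names from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MSG00311.WAV.exe", b"constructed placeholder, not malware")
    msg = EmailMessage()
    msg["Subject"] = "Voicemail Message (07813297716) From:07813297716"
    msg.set_content("IP Office Voicemail redirected message")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="MSG00311.WAV.ZIP")
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns one finding for `MSG00311.WAV.exe` together with its SHA-256, which can then be looked up on a scanning service.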
7 comments:
Thank you. I have just received this voice mail and nearly opened it. You have saved me so much heartache, especially as I am already having a bad day! Thanks and regards, Kimble.
I just got one of these at 10:17 this morning, unzipped to find a windows .exe which I didn't execute.
Address as from
How to stop it?!
We have seen this in the form of undeliverables, does this indicate the user has an infection on their machine?
Thank you I have received it too!!
Just received one of these, I did click on the zip file, but it didn't open .... should I still be concerned?
We've received about 300 of these messages into a combination of possible and explicit e-mail addresses within our organisation over the last couple of hours. Our Watchguard XTM505 is identifying the attachment as unsafe and deleting the ZIP file.
Had a user with this today. She didn't open the attachment but I noticed that opening the email launched the installer with a file called msczvsx.exe. I killed it before it completed and got rid of the file, it put it in programdata, so I think we are ok. All scans are negative but that does mean much.