Friday, 6 March 2015

Your online Gateway.gov.uk Submission malware

Headers:
From: "Gateway.gov.uk" {iyks@blessedbethyname.com}
Subject: Your online Gateway.gov.uk Submission
Message body:
Government Gateway logo

Electronic Submission Gateway


Thank you for your submission for the Government Gateway.
The Government Gateway is the UK's centralized registration service for e-Government services.

To view/download your form to the Government Gateway please visit http://www.gateway.gov.uk/

This is an automatically generated email. Please do not reply as the email address is not
monitored for received mail.
gov.uk - the best place to find government services and information - Opens in new window

The best place to find government services and information




The link inside the email downloads a Zip file:
https://www.cubbyusercontent.com/pl/secure.message_ACNO%23371.zip/_33ea06bfb8bf41d387ce4b30f9fde2c2
The Zip is called:
secure.message_ACNO#371.zip

Inside the Zip file is a Windows executable:
secure.message_ACNO#371.exe
Sha256 Hashes:
d32b3101ed671c91c71a85946fbbfc8027108b0e82713a427c6f99560e2a4c89  [1]

Malware Information:
VirusTotal Report [1] (hits 1/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]

Warning: Code classification distribution is known to appear in malware
Details: TrID distribution is very similar to the "CTB-Locker" family (SHA256: cbba56bd16222191f1468a1d93b63945394371cfb9ffe38f34a9575c5655e57a)
Source: Based on TrID evaluation
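
A mail-gateway style check for the two traits this report shows: a From display name that claims a domain the address does not belong to, and a Zip whose member is a Windows executable. This is an added example, not code from Sanesecurity. The function names, the extension list and the sample archive are assumptions constructed here, and the magic-byte test goes slightly beyond the report by also catching a renamed executable.

```python
import io
import re
import zipfile
from email.utils import parseaddr

# Assumption: extensions a mail gateway treats as directly executable on Windows.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$")


def sender_mismatch(from_header):
    """True when the display name is itself a domain the address does not belong to."""
    name, addr = parseaddr(from_header)
    claimed = name.strip().lower()
    actual = addr.rpartition("@")[2].lower()
    if not DOMAIN_RE.match(claimed) or not actual:
        return False
    return actual != claimed and not actual.endswith("." + claimed)


def executable_members(zip_bytes):
    """Names of archive members that are executable by extension or by PE 'MZ' magic."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            by_name = info.filename.lower().endswith(EXEC_EXTS)
            by_magic = False
            if not info.flag_bits & 0x1:  # encrypted members cannot be read without a password
                with zf.open(info) as fh:
                    by_magic = fh.read(2) == b"MZ"
            if by_name or by_magic:
                hits.append(info.filename)
    return hits


def build_sample():
    """Constructed archive: 64-byte stubs stand in for real files, none is the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("secure.message_ACNO#371.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("statement.pdf", b"MZ" + b"\x00" * 62)  # renamed PE, caught by magic only
        zf.writestr("readme.txt", b"plain text")
    return buf.getvalue()


if __name__ == "__main__":
    # Header constructed from the From line quoted in the report above.
    print(sender_mismatch('"Gateway.gov.uk" <iyks@blessedbethyname.com>'))
    print(executable_members(build_sample()))
```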

Cheers,

Steve
Sanesecurity.com
