Wednesday, 22 April 2015

Bankline ROI - Password Re-activation Form

Bankline ROI - Password Re-activation Form email with a malware Zip attached...

Headers:
From: "Concepcion Lilly" {Concepcion.Lilly@rbs.co.uk}
Subject: Bankline ROI - Password Re-activation Form
Message body:
Please find the Re-activation form attached, send one per user ensuring only one box is selected in section 3.  A signatory on the bank mandate must sign the form.

Fax to 1850 005731 or alternatively you may wish to email the completed document, by attaching it to an email and sending it to banklineadministration@rbs.co.uk

On receipt of the completed form we will respond to the request within 2 working hours and communicate this to the user by email.

<> 

Please note - The life-span of an activation code is 21 days; after this time, the activation code will expire and a new one must be ordered.  

Please be aware when choosing a new pin and password for the service, it is important not to use pin/passwords that you have used before but to use completely different details.

If you are the sole Standard Administrator may I take this opportunity to suggest when you are reinstated on the system, to set up another User in a Standard Administrator role. This will prevent you being locked out completely and allow you to order a new activation code from within the system and reset your security sooner.

If you require any further assistance then please do not hesitate to contact us on 1850 189790 and one of our associates will be happy to assist you.

Regards
Bankline Product Support
 The Zip is called:
Bankline_Password_reset_0149858.zip
Inside the Zip file is a Windows Executable file (Note: filename is random)
Bankline_Password_reset_AQ004PR7.exe
Sha256 Hashes:
380105cfefa8ec7a924ac6796abf1e9543e78eefb75fbfaa06157299fc1ef1fa   [1]
Anti virus reports:
VirusTotal Report: [1] (Detection 4/56)
Malwr Report: [1]
Hybrid Analysis Report: [1]

Cheers,
Steve
Sanesecurity.com

No comments: