Sanesecurity ClamAV blog: zero hour malware, phishing and scams: HSBC Advising Service Payment Advice

Wednesday 22 April 2015

HSBC Advising Service Payment Advice - Advice Ref CHAPS credits

HSBC Advising Service Payment Advice - Advice Ref CHAPS credits email...

Headers:

From: "HSBC Advising Service" 
Subject: Payment Advice - Advice Ref:[GB078486] / CHAPS credits

Message body:

Sir/Madam,

Please download document from server, payment advice is issued at the 
request of our customer. The advice is for your reference only.

Download link:

http://futbolyresultados.es/HSBC_STORAGE-DATA/secure.payment.html

Yours faithfully,
Global Payments and Cash Management
HSBC

The link in the message body, when clicked auto-downloads from this site:

http://futbolyresultados.es/HSBC_STORAGE-DATA/secure.payment.html

The above site, auto-downloads from:

ttps://fetch.hightail.com/storage-agent/a0/files/21b1da0b-91fb-4cd2-85f9-089a0866d73f/new_payment_document.zip?download_id=5076442704&file=new_payment_document.zip

The Zip is called:

new_payment_document.zip

Inside the Zip file is a Windows Executable file (Note: filename is random)

new_payment_document.exe

Sha256 Hashes:

acf7af8a197ecbcc1a2ee24a359d7b6ead91223d3988b490e8c8c6896b001b4f [1]

Anti virus reports:

VirusTotal Report: [1] (Detection 2/56)
Malwr Report: [1]
Hybrid Analysis Report: [1]

Cheers,
Steve
Sanesecurity.com

1 comment:

BK said...: Yeah, I got a few of these emails too, but now it comes with a PDF attachment, different email address etc.

Let me know if you want me to forward those to you.; 13 November 2015 at 01:27

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday 22 April 2015

HSBC Advising Service Payment Advice - Advice Ref CHAPS credits

1 comment: