Wednesday, 29 April 2015

New credit terms from HSBC malware zip attached

New credit terms from HSBC with a malware zip attached...

Headers:
Subject: New credit terms from HSBC
Message body:
Sir/Madam,

We are pleased to inform you that our bank is ready to offer you a bank loan.
We would like to ask you to open the Attachment to this letter and read the terms.

Yours faithfully,
Global Payments and Cash Management
HSBC
Attached to the message is a Zip file:
{random}.zip
Inside the Zip file is a Windows Executable file:
 Payment.exe
Sha256 Hashes:
 f9b1166abf531e9b8b8c2002cc76efa935667379b6555391d5868b37359b1502 [1]
Anti virus reports:
VirusTotal Report: [1] (Detection 1/57)
Malwr Report: [1]
Hybrid Analysis Report: [1]

Cheers,
Steve
Sanesecurity.com

No comments: