Wednesday, 6 May 2015

Subject: Check your requisite

Subject: Check your requisite emails with a malware zip attached...

Headers:
Subject: Check your requisite
Message body:
Good morning
Could You please check your requisite details under the contract #blhse9
Attached to the message is a Zip file:
blhse9.zip
Inside the Zip file is a Windows Executable file:
abrogation_invoice_data.exe
abrogation_invoice_details.exe
abrogation_invoice_document.exe
abrogation_invoice_form.exe
abrogation_invoice_information.exe
abrogation_invoice_report.exe
abrogation_invoice_statement.exe
block_invoice_data.exe
block_invoice_details.exe
block_invoice_document.exe
block_invoice_form.exe
block_invoice_information.exe
block_invoice_report.exe
block_invoice_statement.exe
cancelation_invoice_data.exe
cancelation_invoice_details.exe
cancelation_invoice_document.exe
cancelation_invoice_form.exe
cancelation_invoice_information.exe
cancelation_invoice_report.exe
cancelation_invoice_statement.exe
invalidation_invoice_data.exe
invalidation_invoice_details.exe
invalidation_invoice_document.exe
invalidation_invoice_form.exe
invalidation_invoice_information.exe
invalidation_invoice_report.exe
invalidation_invoice_statement.exe
nullfication_invoice_data.exe
nullfication_invoice_details.exe
nullfication_invoice_document.exe
nullfication_invoice_form.exe
nullfication_invoice_information.exe
nullfication_invoice_report.exe
nullfication_invoice_statement.exe
rejection_invoice_data.exe
rejection_invoice_details.exe
rejection_invoice_document.exe
rejection_invoice_form.exe
rejection_invoice_information.exe
rejection_invoice_report.exe
rejection_invoice_statement.exe
Sha256 Hashes:

virus reports:
VirusTotal Report: [example] (Detection 2/57)

Cheers,
Steve
Sanesecurity.com
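
A mail-filter check for the indicators listed in this post, as an added example (not Sanesecurity's own code or signatures): it flags the subject, a zip attachment named after the contract id in the body, and a `<word>_invoice_<word>.exe` member inside the zip. The regexes are generalised from the single sample shown here, `score_message` and `build_sample` are hypothetical names, and the sample message is constructed and carries no executable.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Generalised from the one sample on this page (assumption: the contract
# id, and therefore the zip name, changes from message to message).
SUBJECT_RE = re.compile(r"^check your requisite\b", re.I)
CONTRACT_RE = re.compile(r"contract\s+#(\w+)", re.I)
MEMBER_RE = re.compile(r"^[a-z]+_invoice_[a-z]+\.exe$", re.I)

def score_message(raw: bytes) -> list[str]:
    """Return the campaign indicators found in one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if SUBJECT_RE.search(msg.get("Subject", "")):
        hits.append("subject")
    body = msg.get_body(preferencelist=("plain",))
    contract = CONTRACT_RE.search(body.get_content() if body else "")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        if contract and name == contract.group(1).lower() + ".zip":
            hits.append("zip-name-matches-contract-id")
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            hits.append("unreadable-zip")  # corrupt archive: flag, don't crash
            continue
        # Compare the base name only, so a folder inside the zip cannot hide it.
        if any(MEMBER_RE.match(m.rsplit("/", 1)[-1]) for m in members):
            hits.append("invoice-exe-in-zip")
    return hits

def build_sample(member: str) -> bytes:
    """Constructed test message: harmless bytes stored under `member`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, b"not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "Check your requisite"
    msg.set_content("Good morning\nCould You please check your requisite "
                    "details under the contract #blhse9\n")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="blhse9.zip")
    return msg.as_bytes()
```

All three indicators together are a much stronger signal than any one alone; the subject line by itself should not be used to quarantine mail.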
