Tuesday, 27 October 2015

A quick summary of zipped malware this morning.

A quick summary of the zipped malware seen this morning. The Sanesecurity foxhole_filename.cdb database is detecting them.

Headers:
From: "donotreply_invoices@verifone.com" {donotreply_invoices@verifone.com}
Subject: VeriFone Services UK and Ireland Ltd
=======================================================
From: "credbills@denbighshire.gov.uk" {credbills@denbighshire.gov.uk}
Subject: Cyngor Sir Ddinbych - Taliad BACS / Denbighshire CC - BACS Remittance
=======================================================
From: "World First Payments" {payments@worldfirst.com}
Subject: World First - Supplier Payment Notification
Message body:
Please see attached Invoice(s).


Thanks and Regards,
VeriFone Services UK and Ireland Ltd

=======================================================

Please see the attached BACS payment details

Please see attached Bacs Remittance

=======================================================

Dear Customer 
We're emailing to let you know that a payment is scheduled to be made to you by World First on behalf of DPI (UK) Ltd. 
This payment is scheduled to be made on 27 Oct 2015. Please see the attached PDF for further details on the payment (ID:3656763). 
Please note this notification is not meant to act as a binding confirmation and the payment may be subject to cancellation or amendment by our customer without further notification to you.
If any of the payment information is incorrect, please contact DPI (UK) Ltd. 
Kind Regards,
World First

Attached to the message is a Zip file (various names):
New_Cardholder_Application_Twila_Mccann.zip
SF-20151027-3656763-20151027102459.zip
World_First_Trade_Confirmation_-_Ref_20151027102632_on_27-Oct-2015.zip
Inside the Zip file is a Windows executable file (various .exe and .scr names)
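As an added example (not Sanesecurity's own code and not the contents of foxhole_filename.cdb), here is a small Python check in the spirit of the filename-based signature: it opens a zip attachment and flags members that carry an executable extension or begin with the MZ header, so a renamed binary is caught too. The extension list and the constructed sample archives are assumptions for the example.

```python
import io
import zipfile

# Extensions to flag inside an archive. This list is an assumption for the
# example; it is not the actual contents of the foxhole_filename database.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".cpl"}


def inspect_zip(data: bytes) -> list:
    """Return the names of archive members that look like Windows executables.

    A member is flagged when its extension is in EXECUTABLE_EXTENSIONS or when
    its first two bytes are the 'MZ' DOS/PE header (catches renamed binaries).
    """
    suspicious = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            by_ext = any(name.endswith(ext) for ext in EXECUTABLE_EXTENSIONS)
            with zf.open(info) as fh:
                by_magic = fh.read(2) == b"MZ"
            if by_ext or by_magic:
                suspicious.append(info.filename)
    return suspicious


def build_sample_zip(members: dict) -> bytes:
    """Constructed test data: pack {name: bytes} into an in-memory zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed samples: a lure-style .scr with an MZ header, and a harmless PDF.
    lure = build_sample_zip({"World_First_Trade_Confirmation.scr": b"MZ" + b"\x90" * 64})
    benign = build_sample_zip({"remittance.pdf": b"%PDF-1.4 constructed sample"})
    print("lure:", inspect_zip(lure))      # ['World_First_Trade_Confirmation.scr']
    print("benign:", inspect_zip(benign))  # []
```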
SHA256 hashes (various):

Cheers,
Steve
Sanesecurity.com
