A quick summary of this morning's zipped malware. The Sanesecurity foxhole_filename.cdb database is detecting them.
Headers:
From: "donotreply_invoices@verifone.com" <donotreply_invoices@verifone.com> Subject: VeriFone Services UK and Ireland Ltd
=======================================================
From: "credbills@denbighshire.gov.uk" <credbills@denbighshire.gov.uk> Subject: Cyngor Sir Ddinbych - Taliad BACS / Denbighshire CC - BACS Remittance
=======================================================
From: "World First Payments" <payments@worldfirst.com> Subject: World First - Supplier Payment Notification
Message body:
Please see attached Invoice(s).
Thanks and Regards,
VeriFone Services UK and Ireland Ltd
=======================================================
Gweler manylion taliad BACS yn atodedig
Please see attached Bacs Remittance
=======================================================
Dear Customer
We're emailing to let you know that a payment is scheduled to be made to you by World First on behalf of DPI (UK) Ltd.
This payment is scheduled to be made on 27 Oct 2015. Please see the attached PDF for further details on the payment (ID:3656763).
Please note this notification is not meant to act as a binding confirmation and the payment may be subject to cancellation or amendment by our customer without further notification to you.
If any of the payment information is incorrect, please contact DPI (UK) Ltd.
Kind Regards,
World First
Attached to the message is a Zip file (various names):
New_Cardholder_Application_Twila_Mccann.zip
SF-20151027-3656763-20151027102459.zip
World_First_Trade_Confirmation_-_Ref_20151027102632_on_27-Oct-2015.zip
Inside the Zip file is a Windows Executable file (various names)
Various exe and scr names
Sha256 Hashes: (various)
1dda68b78e84caf63bb32cae2dc1bd82111e49db85d127a36cb715e2e4ef3b16
4cb8b4959fbcc883a6e7f7ea9254acda3034b8d5dd93996cb9f709aef1104847
717e2d316ef1e98aa10b4d850c32a5f93281166b2913bcbd5e16b82a77d63034
7c5cf8ecf12a05555f6e9ab4948c3d9aaea7ea780f803a5ea200549d035d73ce
c6a11c16722b6772807559a05c8d12b2b3776482208f8efface34876351a3122
ec7c8a14d7da104f6fd81ee8d99b92f3b117b5593f343fbd0ba8295de7e3995d
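As an added illustration of the kind of filename-based container check that catches these attachments (example code added here, not Sanesecurity's signature text or code): the zip's central directory is read without extracting any member, and every member whose name ends in .exe or .scr is reported. The archive, its member names and the regex are constructed for the example.

```python
import io
import re
import zipfile

# Member-name pattern for the executable types this post reports inside the
# zips (exe and scr). Constructed for illustration; not the foxhole_filename.cdb text.
SUSPECT_MEMBER = re.compile(r"\.(exe|scr)$", re.IGNORECASE)


def suspicious_members(zip_bytes):
    """Return the names of zip members whose filename matches SUSPECT_MEMBER.

    Only the central directory is parsed; member contents are never extracted,
    which is what makes a filename-based container check cheap and safe to run
    on mail attachments. Password-protected zips still expose member names, so
    they are checked the same way. Non-zip input yields an empty list.
    """
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return []
    return [
        info.filename
        for info in archive.infolist()
        if not info.is_dir() and SUSPECT_MEMBER.search(info.filename)
    ]


def build_sample(member_names):
    """Constructed test archive: every member holds placeholder bytes, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as archive:
        for name in member_names:
            archive.writestr(name, b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    # Double-extension lure name in the style of the attachments described above.
    sample = build_sample(["Invoice_27-Oct-2015.pdf.exe", "readme.txt"])
    print(suspicious_members(sample))  # ['Invoice_27-Oct-2015.pdf.exe']
```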
Cheers,
Steve
Sanesecurity.com