Sponsored by..

Friday, 24 May 2013

Chase "Incoming Wire Transfer" spam / incoming_wire_05242013.zip

This fake Chase "Incoming Wire Transfer" email has a malicious attachment.

Date:      Fri, 24 May 2013 09:18:23 -0500 [10:18:23 EDT]
From:      Chase [Chase@emailinfo.chase.com]
Subject:      Incoming Wire Transfer

Note: This is a service message with information related to your Chase account(s). It may include specific details about transactions, products or online services. If you recently cancelled your account, please disregard this message.
          We're writing to let you know the "Incoming Wire Transfer Report" is available.
If you are not aware of this transaction or have concerns about the request, please contact your company administrator.

The detailed Information about this transaction is available in the attached file.

Date of deposit: 05/24/2013
Transaction number: 1
Type: International Wire Transfer
Amount: $161,381.56

If you aren't enrolled in "Incoming Transfer Report's" and think you've received this message in error, please call our Customer Support team immediately, using the phone number on the "Contact Us" page on Chase Online.

Note: This e-mail may contain confidential information. If you are not the intended recipient (or have received this e-mail in error) please notify the sender immediately and destroy this e-mail. Any unauthorized copying, disclosure or distribution of the material in this e-mail is strictly forbidden.

    E-mail Security Information    

If you would like to learn more about e-mail security or want to report a suspicious e-mail, click here.

Note: If you are concerned about clicking links in this e-mail, the Chase Online services mentioned above can be accessed by typing www.chase.com directly into your browser.


If you want to contact Chase, please do not reply to this message, but instead go to www.chase.com. For faster service, please enroll or log in to your account. Replies to this message will not be read or responded to.

Your personal information is protected by advanced technology. For more detailed security information, view our Online Privacy Policy. To request in writing: Chase Privacy Operations, PO Box 659752, San Antonio, TX 78265-9752.

JPMorgan Chase Bank, N.A. Member FDIC
2013 JPMorgan Chase & Co.

The attachment incoming_wire_05242013.zip contains an executable incoming_wire_05242013.exe with a detection rate of 9/47 at VirusTotal. The ThreatTrack report [pdf] and ThreatExpert report show various characteristics of this malware, in particular a callback to the following IPs and domains:

Checksums are as follows:

No comments: