Date: Mon, 24 Jun 2013 07:27:59 -0600 [09:27:59 EDT]Ask yourself this question: why would you encrypt a message and then put the password in the email? Simple.. to get past virus scanners, of course! The VirusTotal detection for this malware is just 8/46 .
From: Fiserv Secure Notification [email@example.com]
Subject: Fiserv Secure Email Notification - TBTATU41DMJDT5B
2 SecureMessage_TBTATU41DMJDT5B.zip [application/zip] 104 KB
You have received a secure message
Read your secure message by opening the attachment, SecureMessage_TBTATU41DMJDT5B.zip.
The attached file contains the encrypted message that you have received.
To decrypt the message use the following password - SUgDu07dn
To read the encrypted message, complete the following steps:
- Double-click the encrypted message file attachment to download the file to your computer.
- Select whether to open the file or save it to your hard drive. Opening the file displays the attachment in a new browser window.
- The message is password-protected, enter your password to open it.
To access from a mobile device, forward this message to firstname.lastname@example.org to receive a mobile login URL.
If you have concerns about the validity of this message, please contact the sender directly. For questions about secure e-mail encryption service, please contact technical support at 888.710.6198.
2000-2013 Fiserv Secure Systems, Inc. All rights reserved.
Other analysis is pending, the malware has the following checksums:
UPDATE: the Malwr sandbox has an analysis here. URLs involved in downloading components are: