Ask yourself this question: why would you encrypt a message and then put the password in the email? Simple... to get past virus scanners, of course! The VirusTotal detection for this malware is just 8/46.

Date: Mon, 24 Jun 2013 07:27:59 -0600 [09:27:59 EDT]
From: Fiserv Secure Notification [secure.notification@fiserv.com]
Subject: Fiserv Secure Email Notification - TBTATU41DMJDT5B
Part(s):
2 SecureMessage_TBTATU41DMJDT5B.zip [application/zip] 104 KB
You have received a secure message
Read your secure message by opening the attachment, SecureMessage_TBTATU41DMJDT5B.zip.
The attached file contains the encrypted message that you have received.
To decrypt the message use the following password - SUgDu07dn
To read the encrypted message, complete the following steps:
- Double-click the encrypted message file attachment to download the file to your computer.
- Select whether to open the file or save it to your hard drive. Opening the file displays the attachment in a new browser window.
- The message is password-protected, enter your password to open it.
To access from a mobile device, forward this message to mobile@res.fiserv.com to receive a mobile login URL.
If you have concerns about the validity of this message, please contact the sender directly. For questions about secure e-mail encryption service, please contact technical support at 888.710.6198.
2000-2013 Fiserv Secure Systems, Inc. All rights reserved.
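The lure above combines two things a mail gateway can check together: a zip attachment whose members carry the encryption flag, and a body that hands out the password. The following Python is an added example (not code from this post) that builds a constructed message of that shape, with the zip's encryption flag patched in by hand since the standard library cannot write encrypted archives, and flags it; the `triage_message`, `zip_has_encrypted_member` and `build_sample` names are mine.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Phrases that hand the recipient a password, e.g. "use the following password - SUgDu07dn"
PASSWORD_RE = re.compile(r"password\s*(?:is|-|:)\s+(\S+)", re.IGNORECASE)

def zip_has_encrypted_member(data: bytes) -> bool:
    """True if any member sets general-purpose flag bit 0 (an encrypted member)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False

def triage_message(raw: bytes) -> dict:
    """Flag the 'encrypted zip attachment plus password in the body' lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    body, encrypted_zips = "", []
    for part in msg.walk():
        name = part.get_filename() or ""
        if part.get_content_type() == "text/plain" and not name:
            body += part.get_content()
        elif part.get_content_type() == "application/zip" or name.lower().endswith(".zip"):
            if zip_has_encrypted_member(part.get_payload(decode=True)):
                encrypted_zips.append(name)
    match = PASSWORD_RE.search(body)
    return {"encrypted_zips": encrypted_zips,
            "password_in_body": match.group(1) if match else None,
            "suspicious": bool(encrypted_zips) and match is not None}

def build_sample(encrypted: bool = True) -> bytes:
    """Constructed test message (hypothetical); the zip's encryption flag is patched in by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SecureMessage.exe", b"placeholder bytes, not a real program")
    data = bytearray(buf.getvalue())
    if encrypted:  # flag word sits at offset 6 of the local header and offset 8 of the central directory entry
        data[6] |= 0x1
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"] = "Secure Email Notification"
    msg.set_content("To decrypt the message use the following password - SUgDu07dn\n"
                    "The message is password-protected, enter your password to open it.\n")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="SecureMessage.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage_message(build_sample()))
```

The regex requires whitespace after the separator so that "password-protected" in the same body does not produce a false hit; a gateway would typically quarantine or detonate anything that comes back `suspicious`.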
Other analysis is pending; meanwhile, the malware has the following checksums:
Size (bytes) | 117248
MD5 | fdd154360854e2d9fee47a557b296519
SHA1 | d3de7f5514944807eadb641353ac9380f0c64607
SHA256 | 1ef3302196f5c4cd9bf97c719e934d612a244a17a20f5a742c15d8203d477f59
UPDATE: the Malwr sandbox has an analysis here. URLs involved in downloading components are:
[donotclick]governodiantarcticland.org/ponyb/gate.php
[donotclick]maxprotection.de/N4k.exe
[donotclick]francescobotti-fashion.com/27ZDM9p.exe
[donotclick]liltommy.com/ep9C.exe
[donotclick]keep-smile.net/t4T.exe