From: Sammie Aaron [Sammie@rbs.com]
Date: 11 June 2014 12:20
Subject: Important Docs
Please review attached documents regarding your account.
To view/download your documents please click here
Tel: 01322 215660
Fax: 01322 796957
This information is classified as Confidential unless otherwise stated.
The download location is [donotclick]www.cubby.com/pl/Document-772976_829712.zip/_e97c36c260ed454d8962503b18e37e86, which downloads a file Document-772976_829712.zip. This in turn contains a malicious executable, Document-772976_829712.scr, which has a VirusTotal detection rate of just 1/54.
Automated analysis tools show that it creates a file with the distinctive name googleupdaterr.exe and attempts to communicate with the following IPs:
22.214.171.124 (Intergenia AG, Germany)
126.96.36.199 (OVH, Canada)
188.8.131.52 (ITL Company, Ukraine)
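A mail or web gateway can catch this delivery pattern (a ZIP whose only payload is a screensaver executable named after the archive) without relying on antivirus signatures. The following is an added example, not part of the original post; the function names and the extension list are assumptions, and the sample archive is constructed with harmless placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will execute directly; .scr is the one used in this campaign.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def flag_zip_members(archive_name, data):
    """Return (member, reasons) pairs for suspicious entries in a ZIP.

    archive_name: file name of the ZIP as delivered.
    data: raw bytes of the ZIP.
    """
    archive_stem = PurePosixPath(archive_name).stem.lower()
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # ZIP member names use "/" separators; normalise "\" just in case.
            path = PurePosixPath(info.filename.replace("\\", "/"))
            ext = path.suffix.lower()
            if ext not in EXECUTABLE_EXTS:
                continue
            reasons = ["executable extension " + ext]
            if path.stem.lower() == archive_stem:
                reasons.append("same base name as archive")
            if len(path.suffixes) > 1:
                reasons.append("multiple extensions")
            findings.append((info.filename, reasons))
    return findings


def build_sample_zip(members):
    """Constructed test input: a ZIP holding harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in members:
            zf.writestr(name, b"placeholder, not a real executable")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip(["Document-772976_829712.scr", "readme.txt"])
    for member, reasons in flag_zip_members("Document-772976_829712.zip", sample):
        print(member, "->", "; ".join(reasons))
```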