Date: Mon, 4 Aug 2014 19:57:07 +0800 [07:57:07 EDT]
From: Andrea Talbot [Andrea.Talbot@bofa.com]
Subject: RE: Important Documents

Please check attached documents regarding your Bofa account.

Bank Of America
817-180-2340 cell Andrea.Talbot@bofa.com

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached

Attached to the message is an archive AccountDocuments.zip, which in turn contains the malicious executable AccountDocuments.scr. It has a VirusTotal detection rate of 6/54, and the comments indicate that this is a variant of Cryptowall. The Comodo CAMAS report shows that it phones home to the following URLs: