
Wednesday 16 September 2015

Malware spam: "HSBC SecureMail" / "You have received a secure message"

This fake HSBC email message has a malicious payload:


From:    HSBC SecureMail [HSBCRepresentative_WilliamsBlankenship@hsbc.co.uk]
Date:    16 September 2015 at 13:13
Subject:    You have received a secure message


You have received a secure message
Read your secure message by opening the attachment. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it with Internet Explorer.
If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the HSBC Secure Mail Help Desk.
First time users - will need to register after opening the attachment.
About Email Encryption - http://www.hsbc.co.uk/secureemail


HSBC_Payment_87441653
16K
Attached is a file HSBC_Payment_87441653.zip which in turn contains a malicious executable HSBC_Payment_87441653.exe. This has a VirusTotal detection rate of 4/56.

UPDATE: The Hybrid Analysis report shows network traffic to a familiar Nigerian IP of 197.149.90.166 which I strongly recommend you block. The traffic pattern is indicative of Upatre dropping the Dyre banking trojan.

MD5:
359f0c584d718f44e9777e259f013031
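
A mail-gateway triage check for the attachment pattern described in this post (a ZIP whose member is a Windows executable), as an added example that is not part of the original post. The function names, the extension list and the in-memory sample archive are assumptions constructed for illustration; the MD5 is the one listed above.

```python
import hashlib
import io
import zipfile

# MD5 from the post; it does not say which file it hashes, so archive and members are both checked.
KNOWN_MD5 = {"359f0c584d718f44e9777e259f013031"}
EXEC_EXT = (".exe", ".scr", ".com", ".pif")  # assumption: extensions treated as executable


def triage_zip(data: bytes) -> list[str]:
    """Return the reasons a ZIP attachment should be quarantined (empty list = none found)."""
    reasons = []
    if hashlib.md5(data).hexdigest() in KNOWN_MD5:
        reasons.append("archive matches known MD5")
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return reasons + ["not a readable ZIP"]
    with archive:
        for info in archive.infolist():
            if info.flag_bits & 0x1:  # encrypted members cannot be inspected at the gateway
                reasons.append(f"{info.filename}: encrypted member, cannot inspect")
                continue
            with archive.open(info) as fh:
                head = fh.read(2)
                digest = hashlib.md5(head)
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            if head == b"MZ":  # DOS/PE magic: executable regardless of file name
                reasons.append(f"{info.filename}: PE/DOS executable header")
            elif info.filename.lower().endswith(EXEC_EXT):
                reasons.append(f"{info.filename}: executable extension")
            if digest.hexdigest() in KNOWN_MD5:
                reasons.append(f"{info.filename}: matches known MD5")
    return reasons


def build_sample(name: str, content: bytes) -> bytes:
    """Constructed test input: an in-memory ZIP with one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample("HSBC_Payment_87441653.exe", b"MZ" + b"\x00" * 64)  # harmless stub
    for reason in triage_zip(sample):
        print(reason)
```

Checking the `MZ` header as well as the extension catches executables that have been renamed inside the archive.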
