Date: Thu, 2 May 2013 03:01:38 +0400 [05/01/13 19:01:38 EDT]
From: Federal Reserve [alerts@federalreserve.gov]
Subject: Your Wire Transfer 07532312 canceled
The Wire transfer, recently sent from your bank account, was not processed by the FedWire.
Transfer details attached to the letter.
This service is provided to you by the Federal Reserve Board. Visit us on the web at website
To report this message as spam, offensive, or if you feel you have received this in error, please send e-mail to email address including the entire contents and subject of the message. It will be reviewed by staff and acted upon appropriately
There is an attachment PAYMENT RECEIPT 01-05-2013.zip which in turn contains the malicious executable Receipt on payment ID758-34.exe, which Comodo CAMAS reports has the following checksums:
MD5: 652d9919b209562bc8bb79b34e3af47d
SHA1: cb90c55378366d3e8633ee1ea69f02f9e66da722
SHA256: 5151bd7722a5fee83edff91b6ff9b32c47ca1ac2eabad87b0639b22851453d62
VirusTotal detections are just 18/46. The Anubis report and ThreatExpert report give only limited information. The ThreatTrack report [pdf] is more detailed and reveals some botnet IPs that the malware calls back to.
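As an added example (not part of the original post), the triage check a mail gateway or analyst could run on an attachment like the one above: unpack the zip in memory, flag members that carry an executable extension or a PE "MZ" header, and compare each member's SHA256 against the checksums published in the post. The sample zip built here is constructed for the demonstration; its member is a fake stub with a look-alike name, not the real malware, so only the real file would match the known-bad hash.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for "PAYMENT RECEIPT 01-05-2013.zip": the member name mimics the
# post's executable, but the bytes are a fake DOS stub, not the real malware.
def build_sample_zip() -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("Receipt on payment ID758-34.exe", b"MZ" + b"\x00" * 62 + b"fake stub")
        zf.writestr("readme.txt", b"just text")
    return buf.getvalue()

EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")

# SHA256 reported by Comodo CAMAS for the real "Receipt on payment ID758-34.exe" (from the post).
KNOWN_BAD_SHA256 = {
    "5151bd7722a5fee83edff91b6ff9b32c47ca1ac2eabad87b0639b22851453d62",
}

def inspect_zip(data: bytes, known_bad=KNOWN_BAD_SHA256) -> list:
    """Return one finding per file member: name, MD5/SHA1/SHA256, and the red flags raised."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            content = zf.read(info)
            reasons = []
            name = info.filename.lower()
            if name.endswith(EXEC_EXTENSIONS):
                reasons.append("executable extension")
            if content[:2] == b"MZ":  # DOS/PE header, regardless of what the extension claims
                reasons.append("PE/DOS 'MZ' header")
            sha256 = hashlib.sha256(content).hexdigest()
            if sha256 in known_bad:
                reasons.append("matches known-bad SHA256")
            findings.append({
                "name": info.filename,
                "md5": hashlib.md5(content).hexdigest(),
                "sha1": hashlib.sha1(content).hexdigest(),
                "sha256": sha256,
                "reasons": reasons,
            })
    return findings

def suspicious_members(data: bytes) -> list:
    """Names of members with at least one red flag; an empty list means nothing was flagged."""
    return [f["name"] for f in inspect_zip(data) if f["reasons"]]
```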