Date: Fri, 28 Mar 2014 07:16:43 -0300 [06:16:43 EDT]The attachment is a ZIP file which contains an exectable Statement_03282014.exe (note that the date is encoded into the file). This has a VirusTotal detection rate of 8/51.
From: "Sky.com" [statement@sky.com]
Subject: Statement of account
Afternoon,
Please find attached the statement of account.
We look forward to receiving payment for the February invoice as this is now due for
payment.
Regards,
Darrel
This email, including attachments, is private and confidential. If you have received this
email in error please notify the sender and delete it from your system. Emails are not
secure and may contain viruses. No liability can be accepted for viruses that might be
transferred by this email or any attachment. Wilson McKendrick LLP Solicitors, Queens
House, 29 St. Vincent Place, Glasgow G1 2DT Registered in Scotland No. SO303162. Members:
Mark Wilson LLB Dip. NP LP Allan T. McKendrick LLB Dip. LP NP.
The Malwr analysis shows several attempted network connections. Firstly there's a download of a configration file from [donotclick]igsoa.net/Book/2803UKd.wer and then subsequently an attempted connection aulbbiwslxpvvphxnjij.biz on 50.116.4.71 (a Linode IP which has been seen before) and a number of other autogenerated domains.
Recommended blocklist:
50.116.4.71
aulbbiwslxpvvphxnjij.biz
lpuoztsdsnvyxdyvwpnlzwg.com
pmneyqgaifcmxwwgbagewkpzsin.info
wgsmbxtphamhahbyjnjrydfe.org
eapqolveqsorwfehvkuojnojyluwk.biz
pbpnylskojlaufmmjfiaih.com
knrtdyypwonzljyzhfyyijknzof.ru
womrofxylirlwgcqzxsgjrfqzttm.com
binrpfdeequwrgydmrovzhkjongcnz.net
igsoa.net
No comments:
Post a Comment