From: Bankline.Administrator@rbs.co.uk [Bankline.Administrator@rbs.co.uk]
Date: 25 June 2014 15:25
Subject: Outstanding invoice
Dear [redacted],
Please download on the link below from dropbox copy invoice which is showing as unpaid on our ledger.
http://figarofinefood.com/share/document-128_712.zip
I would be grateful if you could look into this matter and advise on an expected payment date .
Many thanks
Max Francis
Credit Control
Tel: 0845 300 2952

The link isn't a Dropbox link at all, but it downloads an archive file from [donotclick]figarofinefood.com/share/document-128_712.zip which contains the malicious executable document-128_712.scr which has a VirusTotal detection rate of 4/54.
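A triage check for the two traits of this message, a body that names Dropbox while linking to an unrelated host and a ZIP whose only member is a .scr executable, added here as an example and not part of the original post. The brand allow-list, the extension list and the placeholder host files.example.test are assumptions; the sample body and archive are constructed.

```python
import io
import re
import zipfile
from urllib.parse import urlsplit

# Assumption: hosts accepted as genuine for each brand a message names.
BRAND_HOSTS = {"dropbox": ("dropbox.com", "dropboxusercontent.com")}
# Extensions Windows runs directly; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = (".scr", ".exe", ".pif", ".com", ".bat", ".cmd")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def host_matches(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def brand_link_mismatches(body):
    """Return (brand, url) pairs where the body names a brand but links elsewhere."""
    findings = []
    for brand, domains in BRAND_HOSTS.items():
        if brand not in body.lower():
            continue
        for url in URL_RE.findall(body):
            if not host_matches(urlsplit(url).hostname or "", domains):
                findings.append((brand, url))
    return findings

def executable_members(zip_bytes):
    """Return member names in a ZIP whose extension is directly executable."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        return [n for n in archive.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]

def make_sample_zip(member_name):
    """Build a harmless in-memory ZIP (constructed sample, placeholder content)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(member_name, b"placeholder bytes, not a real executable")
    return buf.getvalue()

# Constructed sample: wording and file name from the message above, placeholder host.
SAMPLE_BODY = ("Please download on the link below from dropbox copy invoice.\n"
               "http://files.example.test/share/document-128_712.zip\n")

if __name__ == "__main__":
    print(brand_link_mismatches(SAMPLE_BODY))
    print(executable_members(make_sample_zip("document-128_712.scr")))
```
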
Automated analysis tools [1] [2] [3] show that it attempts to phone home to babyslutsnil.com on 199.127.225.232 (Tocici LLC, US). That domain was registered a few days ago with the following (possibly fake) details:
Registrar Registration Expiration Date: 2015-06-12
Registrar: Domain names registrar REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: abuse@reg.ru
Registrar Abuse Contact Phone: +7.4955801111
Registry Registrant ID:
Registrant Name: Viktor Ponomarev
Registrant Organization: Private Person
Registrant Street: veselaia d 81 kv 818
Registrant City: Moscow
Registrant State/Province: Moscow
Registrant Postal Code: 156737
Registrant Country: RU
Registrant Phone: +79267463723
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: tiosombovisi1987@mail.ru
Registry Admin ID: