Date: Mon, 4 Aug 2014 19:57:07 +0800 [07:57:07 EDT]
From: Andrea Talbot [Andrea.Talbot@bofa.com]
Subject: RE: Important Documents
Please check attached documents regarding your Bofa account.
Andrea Talbot
Bank Of America
817-298-4679 office
817-180-2340 cell Andrea.Talbot@bofa.com
CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are
confidential and are intended solely for the use of the person or entity to whom the
message was addressed. If you are not the intended recipient of this message, please be
advised that any dissemination, distribution, or use of the contents of this message is
strictly prohibited. If you received this message in error, please notify the sender.
Please also permanently delete all copies of the original message and any attached

Attached to the message is an archive AccountDocuments.zip which in turn contains the malicious executable AccountDocuments.scr which has a VirusTotal detection rate of 6/54 and the comments indicate that this is a variant of Cryptowall. The Comodo CAMAS report shows that it phones home to the following URLs:
94.23.247.202/0408cnet28/SANDBOXB/0/51-SP2/0/
94.23.247.202/0408cnet28/SANDBOXB/1/0/0/
dirbeen.com/khalid53/cnet28.zip
ibuildchoppers.com/wp-content/gallery/choppers/cnet28.zip
Recommended blocklist:
94.23.247.202
dirbeen.com
ibuildchoppers.com
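
The delivery method described above (a .scr executable inside a zip attachment) can be caught at the mail gateway before a user opens it. The following is an added example, not part of the original post: the function names, the extension list and the size limit are assumptions, and the sample message is constructed with a harmless placeholder in place of the executable.

```python
import io
import os
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Extensions Windows runs directly; .scr (screensaver) is an ordinary PE file.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_NESTED = 10 * 1024 * 1024  # assumed limit: skip oversized nested archives

def risky_members(zip_bytes, depth=0):
    """Return names of executable members in a zip, following nested zips."""
    hits = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits
    with archive:
        for info in archive.infolist():
            ext = os.path.splitext(info.filename)[1].lower()
            # Member names stay readable even when the contents are encrypted.
            if ext in EXECUTABLE_EXTS:
                hits.append(info.filename)
            elif (ext == ".zip" and depth < 2 and info.file_size <= MAX_NESTED
                  and not info.flag_bits & 0x1):
                hits += risky_members(archive.read(info), depth + 1)
    return hits

def scan_message(raw_bytes):
    """Map each zip attachment filename to the executable members it holds."""
    findings = {}
    for part in message_from_bytes(raw_bytes).walk():
        filename = part.get_filename() or ""
        if filename.lower().endswith(".zip"):
            hits = risky_members(part.get_payload(decode=True) or b"")
            if hits:
                findings[filename] = hits
    return findings

def build_sample():
    """Constructed sample: a zip holding a placeholder named like the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AccountDocuments.scr", b"placeholder, not an executable")
    msg = EmailMessage()
    msg["Subject"] = "RE: Important Documents"
    msg.set_content("Please check attached documents.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="AccountDocuments.zip")
    return msg.as_bytes()
```

Calling scan_message(build_sample()) reports AccountDocuments.scr inside AccountDocuments.zip; a gateway would quarantine any message with a non-empty result.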
1 comment:
Just had a user open the attachment yesterday (Aug 04 2014). Same delivery method (fake BofA email). Very convincing email, though. Luckily, our network security equipment blocked the outgoing calls.