
Wednesday, 24 September 2014

"You have received a new secure message from BankLine" spam leads to undetected malware

This fake BankLine email leads to malware that is not currently detected by any anti-virus engine:

From:     Bankline [secure.message@bankline.com]
Date:     24 September 2014 09:59
Subject:     You have received a new secure message from BankLine

You have received a secure message.

Read your secure message by following the link bellow:

http://ismashahalam.net/xyzpayohjx/ngkzoeqjjs.html

You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the Bankline Bank Secure Email Help Desk at 0131 556 7941.

First time users - will need to register after opening the attachment.
About Email Encryption - https://supportcentre.Bankline.com/app/answers/detail/a_id/1671/kw/secure%20message

The link in the email goes to ismashahalam.net/xyzpayohjx/ngkzoeqjjs.html which downloads an archive file from ismashahalam.net/xyzpayohjx/SecureMessage.zip. This in turn contains a malicious file SecureMessage.scr which has a VirusTotal detection rate of 0/50.

The Anubis report shows that the malware phones home to very-english.co.uk, which is worth blocking or monitoring.
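As an added defender-side example (not code from the original post), the Python below does two checks that follow from the chain above: it flags archive members whose extension Windows will execute (the SecureMessage.scr inside SecureMessage.zip), and it scans proxy log lines for the two domains named in the post. The archive and the log lines are constructed here and contain no real malware.

```python
"""Detection helpers for the BankLine 'secure message' campaign described above."""
import io
import re
import zipfile

# Indicators taken from the post: the download host and the phone-home domain.
INDICATOR_DOMAINS = {"ismashahalam.net", "very-english.co.uk"}

# Extensions Windows executes directly; .scr (screensaver) is a common "document" disguise.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def build_sample_zip() -> bytes:
    """CONSTRUCTED stand-in for SecureMessage.zip: harmless text stored under a .scr name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SecureMessage.scr", "placeholder, not an executable")
    return buf.getvalue()


def suspicious_archive_members(zip_bytes: bytes) -> list:
    """Return member names whose extension Windows would execute on double-click."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            parts = name.lower().rsplit(".", 1)
            if len(parts) == 2 and "." + parts[1] in EXECUTABLE_EXTS:
                hits.append(name)
    return hits


# Host part of any URL in a proxy log line (scheme://host/...).
HOST_RE = re.compile(r"://([A-Za-z0-9.-]+)")

# CONSTRUCTED proxy log lines; only the two domains come from the post.
SAMPLE_PROXY_LOG = """\
2014-09-24 10:02:11 10.0.0.5 GET http://ismashahalam.net/xyzpayohjx/SecureMessage.zip 200
2014-09-24 10:02:13 10.0.0.5 GET http://www.example.com/ 200
2014-09-24 10:03:40 10.0.0.5 POST http://very-english.co.uk/ 200
"""


def indicator_hits(log_lines) -> list:
    """Return (line_no, indicator) pairs where a URL host is an indicator or a subdomain of one."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        for host in HOST_RE.findall(line):
            host = host.lower()
            for indicator in INDICATOR_DOMAINS:
                if host == indicator or host.endswith("." + indicator):
                    hits.append((line_no, indicator))
    return hits
```

Feed real archives to suspicious_archive_members() at the mail gateway and real proxy or DNS exports to indicator_hits() to spot hosts that fetched the payload or are already beaconing.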

For research purposes only, a copy of the malicious executable can be downloaded from here [zip]. The password is foray307.
