
Wednesday, 18 March 2015

Malware spam: "Your online Gateway.gov.uk Submission"

This spam leads to a malicious ZIP file hosted either on Dropbox or Cubby.

From:    Gateway.gov.uk
Date:    18 March 2015 at 13:19
Subject:    Your online Gateway.gov.uk Submission

Electronic Submission Gateway

Thank you for your submission for the Government Gateway.
The Government Gateway is the UK's centralized registration service for e-Government services.

To view/download your form to the Government Gateway please visit http://www.gateway.gov.uk/file/s/gdvzk7toum8ghnc/SecureDocument.zip?dl=1

This is an automatically generated email. Please do not reply as the email address is not
monitored for received mail.

gov.uk - the best place to find government services and information - Opens in new window

The best place to find government services and information

The link leads to an archive file, Avis_De_Paiement.zip, which in turn contains a malicious binary, Avis_De_Paiement.scr, with a VirusTotal detection rate of 16/57. ThreatExpert and Comodo CAMAS report that it downloads components from the following locations:

canabrake.com.mx/css/doc11.rtf
straphael.org.uk/youth2000_files/doc11.rtf


My sources indicate that this most likely phones home to 109.230.131.95 (Vsevnet Ltd. Russia), which is a known bad IP that I recommend blocking. The payload appears to be the Upatre downloader leading to the Dyre banking trojan.
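
A retrospective check for the indicators above, as an added example that is not from the original post: it scans web proxy log lines for the two doc11.rtf download URLs and for traffic to 109.230.131.95, grouped by client. The log format, client addresses, destination addresses and sample lines are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Indicators taken from the post above.
DOWNLOAD_URLS = {
    ("canabrake.com.mx", "/css/doc11.rtf"),
    ("straphael.org.uk", "/youth2000_files/doc11.rtf"),
}
C2_IPS = {"109.230.131.95"}

# Constructed sample log, assumed format: time client method url dest_ip
SAMPLE_LOG = """\
2015-03-18T13:25:02Z 10.0.0.23 GET http://CANABRAKE.com.mx/css/doc11.rtf 203.0.113.10
2015-03-18T13:25:40Z 10.0.0.23 POST http://109.230.131.95/ 109.230.131.95
2015-03-18T13:31:17Z 10.0.0.41 GET http://www.straphael.org.uk/youth2000_files/doc11.rtf?x=1 203.0.113.11
2015-03-18T13:40:00Z 10.0.0.57 GET http://straphael.org.uk/index.html 203.0.113.11
malformed line
"""

def classify(url, dest_ip):
    """Return the indicator type a request matches, or None."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host.startswith("www."):
        host = host[4:]  # treat www.host and host as the same site
    if dest_ip in C2_IPS or host in C2_IPS:
        return "c2-ip"
    if (host, parts.path) in DOWNLOAD_URLS:  # query string is ignored
        return "payload-download"
    return None

def hunt(log_text):
    """Map each client address to its list of (time, indicator type, url) hits."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not fit the assumed format
        when, client, _method, url, dest_ip = fields
        kind = classify(url, dest_ip)
        if kind:
            hits[client].append((when, kind, url))
    return dict(hits)

if __name__ == "__main__":
    for client, events in hunt(SAMPLE_LOG).items():
        for when, kind, url in events:
            print(client, when, kind, url)
```

A client that shows a payload-download hit followed by a c2-ip hit, like 10.0.0.23 in the sample, is the one to triage first.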
