This fake HSBC email message has a malicious payload:
From: HSBC SecureMail [HSBCRepresentative_WilliamsBlankenship@hsbc.co.uk]
Date: 16 September 2015 at 13:13
Subject: You have received a secure message
You have received a secure message
Read your secure message by opening the attachment.
You will be prompted to open (view) the file or save (download)
it to your computer. For best results, save the file first,
then open it with Internet Explorer.
If you have concerns about the validity of this message, please contact
the sender directly. For questions please contact the HSBC Secure Mail
Help Desk.
First time users - will need to register after opening the attachment.
About Email Encryption - http://www.hsbc.co.uk/secureemail
HSBC_Payment_87441653 (16K)
Attached is a file HSBC_Payment_87441653.zip, which in turn contains a malicious executable HSBC_Payment_87441653.exe. This has a VirusTotal detection rate of 4/56.
UPDATE: The Hybrid Analysis report shows network traffic to a familiar Nigerian IP of 197.149.90.166, which I strongly recommend you block. The traffic pattern is indicative of Upatre dropping the Dyre banking trojan.
MD5: 359f0c584d718f44e9777e259f013031
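A mail-gateway style triage of the attachment pattern described above (a zip wrapping a single executable), as an added example that is not part of the original post. The function names, the extension list and the size cap are assumptions, and the sample archive is constructed with harmless content.

```python
import hashlib
import io
import zipfile

# MD5 listed in the post. The post does not say whether it is the hash of the
# .zip or of the .exe inside, so the archive and every member are both checked.
KNOWN_BAD_MD5 = {"359f0c584d718f44e9777e259f013031"}
# Assumption: extensions a mail gateway would treat as directly executable.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif")
MAX_MEMBER_BYTES = 16 * 1024 * 1024  # skip hashing oversized members


def triage_zip_attachment(data, known_bad=KNOWN_BAD_MD5):
    """Inspect a zip attachment in memory; nothing is written to disk or run."""
    result = {"archive_md5": hashlib.md5(data).hexdigest(),
              "executables": [], "md5_hits": [], "error": None}
    if result["archive_md5"] in known_bad:
        result["md5_hits"].append("<archive>")
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                if info.filename.lower().endswith(EXECUTABLE_EXTS):
                    result["executables"].append(info.filename)
                # Encrypted or oversized members cannot be hashed here.
                if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER_BYTES:
                    continue
                if hashlib.md5(zf.read(info)).hexdigest() in known_bad:
                    result["md5_hits"].append(info.filename)
    except zipfile.BadZipFile:
        result["error"] = "not a valid zip archive"
    return result


def build_sample_zip():
    """Constructed sample: same member name as in the post, harmless content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("HSBC_Payment_87441653.exe", b"constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    print(triage_zip_attachment(build_sample_zip()))
```

With a 4/56 detection rate, the executable-in-zip check is the part that would catch this attachment before the hash is widely known.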