Sponsored by..

Wednesday 16 September 2015

Malware spam: "HSBC SecureMail" / "You have received a secure message"

This fake HSBC email message has a malicious payload:

From:    HSBC SecureMail [HSBCRepresentative_WilliamsBlankenship@hsbc.co.uk]
Date:    16 September 2015 at 13:13
Subject:    You have received a secure message

You have received a secure message
Read your secure message by opening the attachment. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it with Internet Explorer.
If you have concerns about the validity of this message, please contact the sender directly. For questions please contact the HSBC Secure Mail Help Desk.
First time users - will need to register after opening the attachment.
About Email Encryption - http://www.hsbc.co.uk/secureemail

Attacked is a file HSBC_Payment_87441653.zip which in turn contains a malicious executable HSBC_Payment_87441653.exe, this has a VirusTotal detection rate of 4/56.

UPDATE: The Hybrid Analysis report shows network traffic to a familiar Nigerian IP of which I strongly recommend you block. The traffic pattern is indicative of Upatre dropping the Dyre banking trojan.


No comments: