Wednesday, 21 January 2015

Australian Taxation Office - Refund Notification

Australian Taxation Office - Refund Notification

Malware just arriving...

Headers:
From: "Australian Taxation Office" {noreply@ato.gov.au}
Subject: Australian Taxation Office - Refund Notification
Message body:
IMPORTANT NOTIFICATION

Australian Taxation Office - 22/01/2014

After the last calculation of your fiscal activity we have determined that you are eligible to receive a refund of 8128.86 AUD.

For more details please follow the steps bellow :

- Right-click the link on the attachment name, and select Save Link As, Save Target As or a similar option provided.
- Select the location into which you want to download the file and choose Save.
- Unzip the attached file.

Laurence Browning,
Tax Refund Department
Australian Taxation Office


Attached to the email is a Zip file:
ATO_TAX_129481_pdf.zip
Inside the Zip file is a windows executable: (Note the double extension)
 ATO_TAX_129481_pdf.exe

MD5 Hashes:
9fc82c3f56177b5d1e8ed840d81cda01 [1]
Malware Information:
VirusTotal Report [1] (hits 11/57 Virus Scanners)

Malwr Report [1]

.Hybrid Analysis Report  [1]

Summary:

Accesses potentially sensitive information from local browsers



Cheers,

Steve
Sanesecurity.com

No comments: