Thursday, 22 January 2015

Info from SantanderBillpayment.co.uk, Thank you for using BillPay


Alert Summary:

Info from SantanderBillpayment.co.uk, SantanderBillPayment_Slip. Thank you for using BillPay email with an attached SantanderBillPayment_Slip malicious ZIP file.

Headers:
From: "Santanderbillpayment-noreply@SantanderBillPayment.co.uk"
Subject: Info from SantanderBillpayment.co.uk
Message body:
Thank you for using BillPay. Please keep this email for your records.

The following transaction was received on 22 January 2015 at 09:18:37.

Payment type:          VAT
Customer reference no: 7975402
Card type:            Visa Debit
Amount:                GBP 4,777.00

For more details please check attached payment slip.

Your transaction reference number for this payment is IR7975402.

Please quote this reference number in any future communication regarding this payment.

Yours sincerely,

Banking Operations
Attached to the email is a Zip file:
SantanderBillPayment_Slip7975402.zip
Inside the Zip file is a windows executable: (Note the double extension)
SantanderBillPayment_Slip987412.pdf.exe

MD5 Hashes:
b2cdef905b8c9fa7d018190e1a6ada5b [1]
Malware Information:
VirusTotal Report [1] (hits11/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report  [1]


Cheers,

Steve
Sanesecurity.com

No comments: