Monday, 16 March 2015

Administrator Internal ONLY SecureMessage Internal.pdf

Administrator Internal ONLY SecureMessage Internal.pdf malware now incoming...

These emails aren't from these companies at all; the names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note:
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header:

From: "Administrator" {Administrator@
Subject: Internal ONLY
Message Body:
**********Important - Internal ONLY**********

File Validity: 16/03/2015
Company : http://
File Format: Adobe Reader
Legal Copyright: Adobe Corporation.
Original Filename: Internal.pdf

********** Confidentiality Notice **********.
This e-mail and any file(s) transmitted with it, is intended for the exclusive use by the person(s) mentioned above as recipient(s).
This e-mail may contain confidential information and/or information protected by intellectual property rights or other rights. If you
are not the intended recipient of this e-mail, you are hereby notified that any dissemination, distribution, copying, or action taken
in relation to the contents of and attachments to this e-mail is strictly prohibited and may be unlawful. If you have received this
e-mail in error, please notify the sender and delete the original and any copies of this e-mail and any printouts immediately from
your system and destroy all copies of it.

Attachment:
SecureMessage.zip
Inside the Zip file is a Windows Executable:
SecureMessage.scr
SHA256 Hashes:
ca6088c53e1d33fa733b85d330a1cc3f84c474b881cc81613ade14e8615339ae [1]
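
A defender-side check for the attachment described above, as an added example that is not part of the original post: it lists ZIP members with an executable extension and compares each member's SHA-256 against the hash given in the post. The extension list, size limit, function names and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import posixpath
import zipfile

# SHA-256 the post lists for SecureMessage.scr.
KNOWN_BAD_SHA256 = frozenset({
    "ca6088c53e1d33fa733b85d330a1cc3f84c474b881cc81613ade14e8615339ae",
})
# Assumption: extensions Windows runs on double-click; extend to local policy.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # do not unpack oversized members to hash


def triage_zip(data, known_bad=KNOWN_BAD_SHA256):
    """Return one finding per member that is executable, encrypted or hash-listed."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            reasons = []
            # Only the last extension counts: "Internal.pdf.scr" is still a .scr.
            ext = posixpath.splitext(info.filename)[1].lower()
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable-extension")
            digest = None
            if info.flag_bits & 0x1:
                reasons.append("encrypted-member")  # content cannot be hashed
            elif info.file_size <= MAX_MEMBER_BYTES:
                digest = hashlib.sha256(zf.read(info)).hexdigest()
                if digest in known_bad:
                    reasons.append("known-bad-sha256")
            if reasons:
                findings.append({"name": info.filename, "sha256": digest, "reasons": reasons})
    return findings


def build_sample_zip():
    """Constructed, harmless stand-in for the attachment (not the real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("SecureMessage.scr", b"constructed placeholder, not malware")
        zf.writestr("readme.txt", b"benign text member")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

The extension check flags the constructed sample even though its hash differs from the listed one, which matters because repacked samples change hash while the .scr-inside-.zip pattern stays the same.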

Malware Macro document information:
VirusTotal Report [1]
Hybrid Analysis Report [1]
Malwr Report [1]


Cheers,
Steve
