Tuesday, 17 March 2015

Customer account docs Carrie L. Tolstedt wellsfargo.com

Customer account docs Carrie L. Tolstedt wellsfargo.com emails.

These emails aren't from these companies at all , they are just being used to make the email look more genuine, ie. from a real company.
Note
It's also worth remembering that the company itself  may not have any knowledge of this email and it's link(s) or attachment as it won't have come from their servers and IT systems but from an external bot net.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header::

From: "Carrie L. Tolstedt" {Carrie.Tolstedt@wellsfargo.com}
Subject: FW: Customer account docs

Message Body:
Wells Fargo Logo

We have received the following documents regarding your account, if you would like to confirm the changes please check / view the documents please click here.

The above link takes you to a Zip download:
https://www.cubbyusercontent.com/pl/SignedDocuments_AN994264SKR.zip/_68174f755c6940cc81f33aab2cc6169a
Inside the Zip is a Windows Exacutable:
SignedDocuments_AN994264SKR.scr

Sha256 Hashes:
 157158f46dc0a72c703f48d337b6f1ccd128e3f3c85ff955c435cf12f296f5a8 [1]

Malware Macro document information:
VirusTotal Report [1] (Detection ratio 4 /57)
Malwr Report [1]
Hybrid Analysis Report [1]
Cheers,
Steve

No comments: