Monday, 23 March 2015

Gulf Trade Co. Ltd Mrs Haisha Abdul. Profoma Invoice

Headers:
Subject: RE:PI FOR NEW ORDER
From: export@gmail.com
Message body:
Dear Sir,

Please see attached for your reference.

The proforma ivoice for new order to effect payment ASAP.
If you have any question or correction, please let me know.

Regards,
Mrs Haisha Abdul.
Sales Person,
Gulf Trade Co. Ltd
Al-Rai, Street No.22, Thailand
Tel : 1803803
Tel Fax : +(666) 24770292
Skype: annimohd6@gmail.com

There's a Rar file attached to the email:
Profoma Invoice.rar

Inside the Rar file is an exe file:
Profoma Invoice.exe
Sha256 Hashes:
cf32a6ee5f309d06590623f0a098833cbd48692bc131442088594f2fef6c00c2  [1]

Malware Anti-Virus Reports:
VirusTotal Report [1] (hits 16/51 Virus Scanners)
Malwr Report [1]

Malware Summary:
  • Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
  • Executed a process and injected code into it, probably while unpacking
  • Installs itself for autorun at Windows startup
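
A mail gateway can catch the delivery pattern described above (an .exe inside a RAR attachment) by reading the archive's member names without unpacking anything. The following is an added example, not part of the original post: it assumes the RAR 4.x header layout (RAR 5 archives are rejected), and the sample archive is constructed in code with zeroed CRC fields.

```python
import struct

RAR4_MAGIC = b"Rar!\x1a\x07\x00"
EXEC_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def rar4_members(data):
    """List member names from RAR 4.x headers without unpacking anything."""
    if not data.startswith(RAR4_MAGIC):
        raise ValueError("not a RAR 4.x archive (RAR 5 uses a different layout)")
    names, pos = [], len(RAR4_MAGIC)
    while pos + 7 <= len(data):
        _crc, htype, flags, hsize = struct.unpack_from("<HBHH", data, pos)
        if hsize < 7:
            break  # corrupt header; stop rather than loop forever
        if htype == 0x73 and flags & 0x0080:
            raise ValueError("headers are encrypted; member names unreadable")
        add = 0
        if flags & 0x8000 and pos + 11 <= len(data):
            add = struct.unpack_from("<I", data, pos + 7)[0]  # packed data size
        if htype == 0x74 and pos + 32 <= len(data):  # file header block
            nsize = struct.unpack_from("<H", data, pos + 26)[0]
            start = pos + (40 if flags & 0x0100 else 32)  # skip 64-bit size fields
            raw = data[start:start + nsize].split(b"\x00", 1)[0]
            names.append(raw.decode("latin-1"))
        pos += hsize + add
    return names

def flag_attachment(data):
    """Return members whose extension marks them as directly executable."""
    return [n for n in rar4_members(data) if n.lower().endswith(EXEC_EXT)]

def build_sample(names):
    """Constructed RAR 4.x byte layout (CRC fields zeroed) for the demo only."""
    out = RAR4_MAGIC + struct.pack("<HBHHHI", 0, 0x73, 0, 13, 0, 0)
    for name in names:
        n, body = name.encode("ascii"), b"\x00" * 4  # 4 bytes of dummy data
        out += struct.pack("<HBHHIIBIIBBHI", 0, 0x74, 0x8000, 32 + len(n),
                           len(body), len(body), 2, 0, 0, 29, 0x30, len(n), 0x20)
        out += n + body
    return out

if __name__ == "__main__":
    # Constructed sample: member names only, no real payload.
    sample = build_sample(["Profoma Invoice.exe", "readme.txt"])
    print(flag_attachment(sample))
```

An archive with encrypted headers raises an error here; a gateway would normally quarantine those rather than pass them through unlisted.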

Cheers,

Steve
Sanesecurity.com