Wednesday, 18 March 2015

Your online Gateway.gov.uk Submission

Your online Gateway.gov.uk Submission emails are arriving...

These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.

It's not advised to ring them as there won't really be anything they can do to help you.

Message Header:

From: "Gateway.gov.uk" {terblasterw@fastq.com}
Subject: Your online Gateway.gov.uk Submission

Message Body:
Government Gateway logo

Electronic Submission Gateway


Thank you for your submission for the Government Gateway.
The Government Gateway is the UK's centralized registration service for e-Government services.

To view/download your form to the Government Gateway please visit http://www.gateway.gov.uk/file/s/gdvzk7toum8ghnc/SecureDocument.zip?dl=1

This is an automatically generated email. Please do not reply as the email address is not
monitored for received mail.

gov.uk - the best place to find government services and information - Opens in new window

The best place to find government services and information

The link shown above actually takes you to a Zip download hosted on Dropbox:
https://www.dropbox.com/s/fgjbz0cgk6ubtz1/Document.zip?dl=1
The downloaded Zip is called:
Document.zip

Inside the Zip is a Windows Executable:


Document.scr
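The two giveaways in this email are a display name that claims gateway.gov.uk over a fastq.com address, and visible link text on gateway.gov.uk that resolves to Dropbox. The following is an added example (not part of the original post) of a mail-filter check for both mismatches; the function names and the `<a>` markup are assumptions, and the sender address is written with standard angle brackets rather than the braces used above.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser

# Constructed sample. Header and URLs are the ones quoted in the post; the <a>
# markup is an assumption about how the visible link was wired to Dropbox.
SAMPLE_FROM = '"Gateway.gov.uk" <terblasterw@fastq.com>'
SAMPLE_HTML = ('<p>please visit <a href="https://www.dropbox.com/s/fgjbz0cgk6ubtz1/'
               'Document.zip?dl=1">http://www.gateway.gov.uk/file/s/gdvzk7toum8ghnc/'
               'SecureDocument.zip?dl=1</a></p>')

HOST_RE = re.compile(r'(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})', re.I)

def host_of(text):
    """First hostname-looking token in text, lowercased, without 'www.' ('' if none)."""
    m = HOST_RE.search(text)
    return re.sub(r'^www\.', '', m.group(1).lower()) if m else ''

def same_site(a, b):  # naive: equal or parent/subdomain; no public suffix list
    return a == b or a.endswith('.' + b) or b.endswith('.' + a)

class LinkCollector(HTMLParser):  # gathers (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == 'a':
            self._href, self._text = dict(attrs).get('href') or '', []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == 'a' and self._href is not None:
            self.links.append((self._href, ''.join(self._text).strip()))
            self._href = None

def find_mismatches(from_header, html):
    """Return (kind, shown_host, real_host) for each spoofed sender name or link."""
    name, addr = parseaddr(from_header)
    collector = LinkCollector()
    collector.feed(html)
    pairs = [('sender', name, addr.rpartition('@')[2])]
    pairs += [('link', text, href) for href, text in collector.links]
    findings = []
    for kind, shown, real in pairs:
        shown, real = host_of(shown), host_of(real)
        if shown and real and not same_site(shown, real):
            findings.append((kind, shown, real))
    return findings
```

Calling `find_mismatches(SAMPLE_FROM, SAMPLE_HTML)` reports both the sender and the link mismatch. Hostnames are compared naively here, so a production filter should compare registrable domains using a public suffix list.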

SHA256 Hashes:
1b3e0b87bbb4d84c7e7b4bea5a409df7272adef9487bbe239ebbfd2be0fa60bf [1]

Malware Macro document information:
VirusTotal Report [1] (Detection ratio 7/57)
Malwr Report [1]
Hybrid Analysis Report [1]

Cheers,
Steve

1 comment:

Anonymous said...

Aside from the fact that the sender's address wasn't too cleverly concealed, as with the dropbox address clearly sitting below the gateway hyperlink - we shouldn't really spell centralised with a Z in the UK!

0/10 very poor work!