Wednesday, 1 April 2015

This is your Remittance Advice [ID:random]

Emails with the subject "This is your Remittance Advice [ID:random]" are arriving with a zip attachment.

Headers: (mostly random)
Subject: This is your Remittance Advice [ID:random]

From: 3I GROUP
From: AB DYNAMICS PLC
From: BACANORA MINERALS LTD
From: BEAZLEY PLC
From: BLUR GROUP PLC
From: BOOHOO.COM PLC
From: BORDERS & SOUTHERN PETROLEUM
From: BOVIS HOMES GROUP
From: CAMPER & NICHOLSONS MARINA INV LTD
From: CHELVERTON GROWTH TRUST
From: CINEWORLD GROUP
From: CLARKSON
From: CML MICROSYSTEMS
From: CO-OPERATIVE GROUP LTD
From: CONYGAR INVESTMENT CO(THE)
From: CROMPTON GREAVES
From: DAIRY FARM INTERNATIONAL HLDGS
From: DATATEC
From: DIGITAL BARRIERS LTD
From: DRAGON OIL
From: ECKOH PLC
From: EDISTON PPTY INV CO PLC
From: EMIS GROUP PLC
From: FINNAUST MINING PLC
From: FORBIDDEN TECHNOLOGIES
From: FORESIGHT 2 VCT PLC
From: FORTE ENERGY NL
From: FRIENDS LIFE GROUP LTD
From: GALLIFORD TRY
From: GREEN DRAGON GAS LTD
From: GREENCORE GROUP
From: GREENE KING
From: GRESHAM HOUSE
From: HIBERNIA REIT PLC
From: ICAP
From: INLAND HOMES PLC
From: INVESCO PERPETUAL SELECT TRUST PLC
From: INVESCO PERPETUAL UK SMLLER CO IT
From: ITHACA ENERGY INC
From: JARDINE STRATEGIC HLDGS
From: JARVIS SECURITIES
From: JPMORGAN CLAVERHOUSE IT PLC
From: JPMORGAN MID CAP INV TRUST
From: JUPITER DIVIDEND & GROWTH TRUST
From: JUST RETIREMENT GROUP PLC
From: KUBERA CROSS-BORDER FUND LTD
From: LENTA LTD
From: LG ELECTRONICS INC
From: LIGHTWAVERF PLC
From: MANCHESTER & LONDON INV TRUST PLC
From: MARWYN MANAGEMENT PARTNERS PLC
From: MITCHELLS & BUTLERS
From: MONTANARO UK SMALLER COS INVESTM TR
From: NEW WORLD OIL & GAS PLC
From: PAYPOINT
From: PENNANT INTERNATIONAL GROUP
From: PETREL RESOURCES
From: PORTA COMMUNICATIONS PLC
From: PRAETORIAN RESOURCES LTD
From: PREMIER GOLD RESOURCES PLC
From: PROVEN GROWTH & INCOME VCT
From: PUBLISHING TECHNOLOGY PLC
From: PV CRYSTALOX SOLAR PLC
From: RANBAXY LABORATORIES
From: RETHINK GROUP PLC(THE)
From: RICARDO
From: SEFTON RESOURCES INC
From: SERVELEC GROUP PLC
From: SPORTECH
From: STALLION RESOURCES PLC
From: T.H.F.C.(INDEXED)
From: TEKCAPITAL PLC
From: TITON HLDGS
From: TLA WORLDWIDE PLC
From: TOTALLY
From: TSB BANKING GRP PLC
From: TWENTYFOUR INCOME FUND LTD
From: UNICORN AIM VCT PLC
From: UTILICO FINANCE LTD
From: VECTURA GROUP
From: YOLO LEISURE & TECHNOLOGY PLC


Message body:
N/A
There's a Zip file (randomly named) attached to the email:
QM76024TCIG.zip

Inside the Zip file is a Visual Basic Script (.vbs) file. Note the double extension (.doc.vbs): when Windows hides known file extensions, the script appears to be a Word document.
835167382_DCV869283649263920_1a.doc.vbs
SHA256 hashes:
cdeabcb20d0ab35a66613cf7fc921c3b6ce60cd540200425b10befcf45549769 [1]
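
A defender-side check for the attachment pattern described above, added here as an example and not part of the original post: it lists script files inside a zip, flags the decoy-plus-script double extension, and compares each member's SHA-256 with the hash published in this post. The extension lists, function names and the sample archive are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# Script extensions that Windows Script Host or the shell will execute (assumed list).
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".hta"}
# Decoy extensions commonly placed before the real one (assumed list).
DECOY_EXTS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".rtf", ".txt", ".jpg"}
# SHA-256 published in this post for the .vbs inside the zip.
KNOWN_BAD = {"cdeabcb20d0ab35a66613cf7fc921c3b6ce60cd540200425b10befcf45549769"}

def split_exts(name):
    """Return (decoy_ext, real_ext) in lower case; decoy_ext is '' if absent."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1].strip().rstrip(".")
    parts = base.lower().split(".")
    real = "." + parts[-1] if len(parts) > 1 else ""
    decoy = "." + parts[-2] if len(parts) > 2 else ""
    return decoy, real

def scan_zip(data):
    """Inspect zip bytes; return one finding dict per script member."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            decoy, real = split_exts(info.filename)
            if info.is_dir() or real not in SCRIPT_EXTS:
                continue
            digest = hashlib.sha256(zf.read(info)).hexdigest()
            findings.append({
                "name": info.filename,
                "double_extension": decoy in DECOY_EXTS,
                "sha256": digest,
                "known_bad": digest in KNOWN_BAD,
            })
    return findings

def build_sample():
    """Constructed attachment: harmless text members using the post's naming pattern."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("835167382_DCV869283649263920_1a.doc.vbs", "' constructed placeholder\n")
        zf.writestr("readme.txt", "constructed benign member\n")
    return buf.getvalue()

if __name__ == "__main__":
    for finding in scan_zip(build_sample()):
        print(finding)
```

Because the attachment and script names are random per email, the extension check is the stable signal; the hash match only catches the one sample listed here.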

Malware Anti-Virus Reports (one example)
VirusTotal Report [1] (detected by 0/57 virus scanners)
Malwr Report [1]
Hybrid Analysis Report [1]

Cheers,
Steve
Sanesecurity.com
