Un mail con "ingenieria social", propio de ser ejecutado al recibirse en secciones de contabilidad y administración de empresas , anexa un fichero ZIP que una vez desempaquetado es un EXE con icono de PDF,
MAIL MALICIOSO ANEXANDO FICHERO MALWARE:
_______________________________________
Asunto: Your transaction is completed
Transaction is completed. $7575 has been successfully transfered.
If the transaction was made by mistake please contact our customer service.
Payment receipt is attached.
*** This is an automatically generated email, please do not reply ***
© Barclays.Net 2013 Corporation. All rights reserved
anexado: payment receipt (document 3.03.2104).zip
_____________________
FIN DEL MAIL MALICIOSO
A partir del ElistarA 29.50 pasamos a controlar esta nueva variante
El preanalisis del fichero anexado en virustotal, ofrece el siguiente informe:
MD5 5818f3cf9e776c306c71140471f0fe5d
SHA1 1b1f1e006248bd7116a68d9c03b1bdbac8069716
Tamaño del fichero 168.0 KB ( 172032 bytes )
SHA256: 942b5bff64bb44223be4956415f9b70b7022f220dd02b5894a90a2841f646a9e
Nombre: payment receipt (document 3.03.2104).exe
Detecciones: 33 / 50
Fecha de análisis: 2014-03-04 14:21:28 UTC ( hace 25 minutos )
0 6
Antivirus Resultado Actualización
AVG Luhe.Fiha.A 20140303
Ad-Aware Trojan.GenericKD.1592620 20140304
AhnLab-V3 Trojan/Win32.Fakeavlock 20140304
AntiVir TR/Crypt.ZPACK.46381 20140304
Avast Win32:Trojan-gen 20140304
Baidu-International Trojan.Win32.InfoStealer.AWZ 20140304
BitDefender Trojan.GenericKD.1592620 20140304
Commtouch W32/Trojan.DFTM-8060 20140304
DrWeb Trojan.PWS.Siggen1.20644 20140304
ESET-NOD32 Win32/Zlader.F 20140304
Emsisoft Trojan-PSW.Win32.Tepfer (A) 20140304
F-Prot W32/Trojan3.HQI 20140304
F-Secure Trojan:W32/Agent.DUTF 20140304
Fortinet W32/Dofoil.QTZ!tr 20140304
GData Trojan.GenericKD.1592620 20140304
Ikarus Trojan-Spy.Zbot 20140304
K7AntiVirus Trojan ( 0048cbd41 ) 20140304
K7GW Trojan ( 0048cbd41 ) 20140304
Kaspersky Trojan-PSW.Win32.Tepfer.tiic 20140304
McAfee PWS-FBQF 20140304
McAfee-GW-Edition Artemis!5818F3CF9E77 20140304
MicroWorld-eScan Trojan.GenericKD.1592620 20140304
Microsoft PWS:Win32/Fareit 20140304
Norman Troj_Generic.SVVRH 20140304
Panda Generic Malware 20140304
Qihoo-360 HEUR/Malware.QVM07.Gen 20140304
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140304
Sophos Troj/Agent-AGFN 20140304
Symantec Trojan.Fakeavlock 20140304
TotalDefense Win32/Dofoil.YWNFRIC 20140304
TrendMicro TSPY_ZBOT.WHF 20140304
TrendMicro-HouseCall TSPY_ZBOT.WHF 20140304
VIPRE Trojan.Win32.Generic!BT 20140304
Dicha version del ElistarA 29.50 que lo detecta y elimina, estará disponible en nuestra web a partir de las 19 h CEST de hoy
saludos
ms, 4-3-2014
MAIL MALICIOSO ANEXANDO FICHERO MALWARE:
_______________________________________
Asunto: Your transaction is completed
Transaction is completed. $7575 has been successfully transfered.
If the transaction was made by mistake please contact our customer service.
Payment receipt is attached.
*** This is an automatically generated email, please do not reply ***
© Barclays.Net 2013 Corporation. All rights reserved
anexado: payment receipt (document 3.03.2104).zip
_____________________
FIN DEL MAIL MALICIOSO
A partir del ElistarA 29.50 pasamos a controlar esta nueva variante
El preanalisis del fichero anexado en virustotal, ofrece el siguiente informe:
MD5 5818f3cf9e776c306c71140471f0fe5d
SHA1 1b1f1e006248bd7116a68d9c03b1bdbac8069716
Tamaño del fichero 168.0 KB ( 172032 bytes )
SHA256: 942b5bff64bb44223be4956415f9b70b7022f220dd02b5894a90a2841f646a9e
Nombre: payment receipt (document 3.03.2104).exe
Detecciones: 33 / 50
Fecha de análisis: 2014-03-04 14:21:28 UTC ( hace 25 minutos )
0 6
Antivirus Resultado Actualización
AVG Luhe.Fiha.A 20140303
Ad-Aware Trojan.GenericKD.1592620 20140304
AhnLab-V3 Trojan/Win32.Fakeavlock 20140304
AntiVir TR/Crypt.ZPACK.46381 20140304
Avast Win32:Trojan-gen 20140304
Baidu-International Trojan.Win32.InfoStealer.AWZ 20140304
BitDefender Trojan.GenericKD.1592620 20140304
Commtouch W32/Trojan.DFTM-8060 20140304
DrWeb Trojan.PWS.Siggen1.20644 20140304
ESET-NOD32 Win32/Zlader.F 20140304
Emsisoft Trojan-PSW.Win32.Tepfer (A) 20140304
F-Prot W32/Trojan3.HQI 20140304
F-Secure Trojan:W32/Agent.DUTF 20140304
Fortinet W32/Dofoil.QTZ!tr 20140304
GData Trojan.GenericKD.1592620 20140304
Ikarus Trojan-Spy.Zbot 20140304
K7AntiVirus Trojan ( 0048cbd41 ) 20140304
K7GW Trojan ( 0048cbd41 ) 20140304
Kaspersky Trojan-PSW.Win32.Tepfer.tiic 20140304
McAfee PWS-FBQF 20140304
McAfee-GW-Edition Artemis!5818F3CF9E77 20140304
MicroWorld-eScan Trojan.GenericKD.1592620 20140304
Microsoft PWS:Win32/Fareit 20140304
Norman Troj_Generic.SVVRH 20140304
Panda Generic Malware 20140304
Qihoo-360 HEUR/Malware.QVM07.Gen 20140304
Rising PE:Malware.XPACK-HIE/Heur!1.9C48 20140304
Sophos Troj/Agent-AGFN 20140304
Symantec Trojan.Fakeavlock 20140304
TotalDefense Win32/Dofoil.YWNFRIC 20140304
TrendMicro TSPY_ZBOT.WHF 20140304
TrendMicro-HouseCall TSPY_ZBOT.WHF 20140304
VIPRE Trojan.Win32.Generic!BT 20140304
Dicha version del ElistarA 29.50 que lo detecta y elimina, estará disponible en nuestra web a partir de las 19 h CEST de hoy
saludos
ms, 4-3-2014