Trojaner-Board (https://www.trojaner-board.de/)

markusg 24.05.2013 16:59

CHASE Bank Spam: Incoming Wire Transfer
 
Incoming Wire Transfer


Anyone who receives an e-mail with the subject "Incoming Wire Transfer" should forward it to us.

From: "Chase" <Chase@emailinfo.chase.com>
(forged sender)
Subject: Incoming Wire Transfer

Note: This is a service message with information related to your Chase
account(s). It may include specific details about transactions, products or
online services. If you recently cancelled your account, please disregard this
message.
CHASE
<http://email.chase.com/1fc2a7973layfousibubltdyaaaaaaecevjmc2cnhd4yaaaaa>


** We're writing to let you know the "Incoming Wire Transfer Report" is
available.
If you are not aware of this transaction or have concerns about the request,
please contact your company administrator.

The detailed Information about this transaction is available in the attached file.

Quote:

Account: BUSINESS CHECKING/SAVINGS ACCOUNT
Date of deposit: 05/24/2013
Transaction number: 1
Type: International Wire Transfer
Amount: $136,835.10

If you aren't enrolled in "Incoming Transfer Report's" and think you've received
this message in error, please call our Customer Support team immediately, using
the phone number on the "Contact Us" page on Chase Online.

Note: This e-mail may contain confidential information. If you are not the
intended recipient (or have received this e-mail in error) please notify the
sender immediately and destroy this e-mail. Any unauthorized copying, disclosure
or distribution of the material in this e-mail is strictly forbidden.




E-mail Security Information




If you would like to learn more about e-mail security or want to report a
suspicious e-mail, click here
<http://email.chase.com/13495b33dlayfousibublteaaaaaaaecevjmc2cnhd4yaaaaa>.

*Note:* If you are concerned about clicking links in this e-mail, the Chase
Online services mentioned above can be accessed by typing
www.chase.com

<http://email.chase.com/1d7818769layfousibublteiaaaaaaecevjmc2cnhd4yaaaaa>

directly into your browser.




If you want to contact Chase, please do not reply to this message, but instead
go to
www.chase.com

<http://email.chase.com/129ccddd4layfousibublteqaaaaaaecevjmc2cnhd4yaaaaa>.
For
faster service, please enroll or log in to your account. Replies to this message
will not be read or responded to.

Your personal information is protected by advanced technology. For more detailed
security information, view our Online Privacy Policy
<http://email.chase.com/1cad8e980layfousibublteyaaaaaaecevjmc2cnhd4yaaaaa>.
To
request in writing: Chase Privacy Operations, PO Box 659752, San Antonio, TX
78265-9752.

JPMorgan Chase Bank, N.A. Member FDIC
2013 JPMorgan Chase & Co.
LCAA0213S

Attached:
incoming_wire_05242013.zip
About 98.1 KB in size.
VirusTotal result for the .EXE file it contains:
https://www.virustotal.com/file/0a23...is/1369411502/
MD5: f9182e5f13271cefc2695baa11926fab
SHA1: b3cff6332f2773cecb2f5037937bb89c6125ec15
Detect: 10 / 47

Artemis!F9182E5F1327 (McAfee)
Malware.Packer.RRE (Malwarebytes)
W32/Trojan3.FHV (F-Prot)
Hlux.ZY (Norman)
Trojan-PSW.Win32.Tepfer.kzck (Kaspersky)
Gen:Variant.Kazy.178159 (BitDefender)
Trojan.Packed.196 (DrWeb)
Artemis!F9182E5F1327 (McAfee-GW-Edition)
W32/Trojan.NCDK-5971 (Commtouch)
Win32/Kryptik.BBVN (ESET-NOD32)




This is Zeus Gameover.

The following autostart entries are created:
HKEY_USERS\Software\Microsoft\Windows\CurrentVersion\Run
Ohbefy
"C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Ahgy\ohbefy.exe"
The malware connects to:
exquisitemusic.net/8VpK.exe
116.122.158.195:8080/forum/viewtopic.php
This malware is able to steal sensitive data:
passwords, banking data, etc.

- Anyone who receives such an e-mail, or a similarly suspicious one, should forward it to us.
markusg - trojaner-board.de
- Always read the e-mails you receive carefully.
- Anyone who has opened the link should start a thread with us.
http://www.trojaner-board.de/log-analyse-auswertung
- Anyone active on social networks is welcome to share the link to this post to warn others.
Code:

http://www.trojaner-board.de/135504-chase-bank-spam-incoming-wire-transfer.html
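
An added example, not part of the original post: a mail-triage check for the delivery pattern described above (an executable packed inside a ZIP attachment), which also compares each member's MD5 against the hash listed in the post. The sample message is constructed with a harmless `MZ` stub; the member name inside the ZIP, the extension list and the size cap are assumptions.

```python
import email
import hashlib
import io
import zipfile
from email.message import EmailMessage

# MD5 of the contained .EXE as given in the post.
KNOWN_BAD_MD5 = {"f9182e5f13271cefc2695baa11926fab"}
EXEC_EXT = (".exe", ".scr", ".pif", ".com")  # assumed list of risky extensions
MAX_MEMBER = 20 * 1024 * 1024  # assumed size cap, guards against zip bombs

def triage(raw: bytes) -> list:
    """Return one finding per executable found inside a ZIP attachment."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        data = part.get_payload(decode=True)  # None for multipart containers
        if not data or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER:
                    continue
                try:
                    body = zf.read(info)
                except (RuntimeError, zipfile.BadZipFile):
                    body = b""  # encrypted or corrupt: judge by name only
                is_pe = body[:2] == b"MZ"  # DOS/PE header magic
                if is_pe or info.filename.lower().endswith(EXEC_EXT):
                    md5 = hashlib.md5(body).hexdigest() if body else None
                    findings.append({
                        "attachment": part.get_filename(),
                        "member": info.filename,
                        "pe_header": is_pe,
                        "md5": md5,
                        "known_bad": md5 in KNOWN_BAD_MD5,
                    })
    return findings

def build_sample() -> bytes:
    """Constructed message: harmless 'MZ' stub in a ZIP, not the real sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Member name is assumed; the post only names the ZIP.
        zf.writestr("incoming_wire_05242013.exe", b"MZ" + b"\x00" * 62)
    msg = EmailMessage()
    msg["From"] = '"Chase" <Chase@emailinfo.chase.com>'
    msg["Subject"] = "Incoming Wire Transfer"
    msg.set_content("See the attached file.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="incoming_wire_05242013.zip")
    return msg.as_bytes()
```

`triage(build_sample())` reports the stub as an executable in a ZIP with `known_bad` false, since the constructed stub does not share the real sample's hash.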

