#PhishingFriday with Sisinerd: Remittance Advice or Phish
Confidence Staveley
Multi-Award Winning Cybersecurity Leader | Author-API Security for White Hat Hackers | Int'l Speaker | I help US businesses navigate the complexities of application security, with confidence | 3x Founder
On today's edition of #PhishingFriday with Sisinerd, I am featuring a phishing email with a harmful attachment disguised as a remittance advice. Receiving remittance notifications via email is normal for many organizations with international dealings, so please share this article with as many people as possible so your friends, colleagues and family can all learn to spot this kind of phish and avoid it.
When we analyzed the phishing email, we came to the following conclusions:
1. This was most likely a mass phishing email; the cybercriminal is hoping that a few victims will click on the attachment out of ignorance, curiosity or sheer coincidence.
2. This phishing email was designed only to get things started. The harmful attachment gathers information about the victim's system and plants a backdoor so the attacker can come back as often as they please.
While observing the activity of the harmful attachment, we found that the malware was designed to follow two key tactics: discover as much as possible about the victim's environment and evade defenses.
Query registry: The registry is a treasure chest of any Windows operating system. This malware (harmful code) queries (sends commands to) the registry to gather information about the system. Through the registry it reads the system certificate settings, checks the system trust settings and reads the computer name. It also modifies the registry to hide its configuration information within a registry key, which it does as part of covering its tracks.
System information discovery: It reads the system name and checks the supported languages.
Software discovery: Since it is a malicious file sent via mail, it reads the Microsoft Outlook installation path, perhaps in order to take over the system's mail software.
Defense evasion: This malware was observed modifying the registry to hide itself from discovery.
Some key capabilities of the malware contained in the harmful email attachment:
· It can download additional threats from the cybercriminal's server onto the victim's computer.
· It can collect sensitive information from the infected computer.
· It can upload the gathered data to a remote server.
· It can allow a remote attacker to control the victim's computer.
Some key red flags at first glance:
1. The sender's email address.
2. Remittance advice attached as a web file (HTML document). Usually this should come as a PDF. However, I have seen phishing emails with remittance advice as a PDF too. As a rule of thumb, do not open attachments in emails you were not expecting. If you must open the attachment, please use virustotal.com to scan it and confirm it isn't harmful.
3. Generic greeting and no corporate signature or sign-off.
The lack of sufficient information in the email body could also stir curiosity and psychologically compel people to open the attachment.
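The three red flags above can be turned into an automated triage check. The script below is an added example and not part of the original post or the analysis it describes; it parses a constructed .eml modelled on the phish (placeholder domains, not the real sender), and the expected_domains list is an assumed allow-list of partners who legitimately send remittance advice.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample modelled on the red flags in the post; not the real phish.
SAMPLE_EML = """\
From: "Accounts Payable" <payments@example-lookalike.test>
Subject: Remittance Advice
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Customer,
Please find attached your remittance advice.

--b1
Content-Type: text/html; name="Remittance_Advice.html"
Content-Disposition: attachment; filename="Remittance_Advice.html"

<html><body>placeholder</body></html>
--b1--
"""
GENERIC_GREETINGS = ("dear customer", "dear sir", "dear user", "hello,", "hi,")
SIGNOFF = re.compile(r"\b(regards|sincerely|thank you|thanks)\b", re.I)

def red_flags(raw_eml, expected_domains=("example.test",)):
    """List the red flags from the post that a message exhibits.
    expected_domains (assumed) are partners that legitimately send remittances."""
    msg = message_from_string(raw_eml, policy=policy.default)
    flags = []
    # 1. Sender address: not one of the partners we expect remittances from.
    domain = parseaddr(msg["From"] or "")[1].lower().rpartition("@")[2]
    if domain not in expected_domains:
        flags.append(f"unexpected sender domain: {domain or '<none>'}")
    # 2. Remittance advice attached as a web file instead of a PDF.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith((".html", ".htm")):
            flags.append(f"web-file attachment: {name}")
    # 3. Generic greeting, no corporate sign-off, and a sparse body.
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    lines = [l.strip().lower() for l in text.splitlines() if l.strip()]
    if lines and lines[0].startswith(GENERIC_GREETINGS):
        flags.append(f"generic greeting: {lines[0]}")
    if not SIGNOFF.search(text):
        flags.append("no sign-off or corporate signature")
    if len(text.split()) < 40:
        flags.append("very short body (curiosity bait)")
    return flags
```

Calling red_flags(SAMPLE_EML) reports all five findings for the sample; a real mail gateway or SOC script would read the .eml from disk and feed the same function.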
Feel free to share phishing emails you receive with me via my direct messages, and let's learn about phishing practically every week. See you next Friday, and don't get phished!
Cybersecurity GRC Analyst || Program Lead @ secopstalents || Weaver of Words
2y: Loving this concept
Digital forensics analyst
2y: Thank you for this wonderful information
Graduate Assistant | Virtual Administrative Assistant | ALX Alum | Business Development Executive (Retail Banking) | Lecturer | Women TechSters Fellow (WTFC' 2023) Alumni | Entrepreneur
2y: Very useful
IT Support Engineer | Networking Engineer (CCNA) | Fortinet Cybersecurity Associate (FCA) | ISC2 CC | Next-Generation Cybersecurity (Huawei) | CCNP (In-View)
2y: Very useful
A certified SOC ANALYST
2y: Thank you Ma