Fake HSBC “Are all above transactions recognisable to you” delivers malware

I haven’t seen Dridex banking trojan hitting the UK in absolutely ages. In fact I can’t remember when I last saw one. This is detected as Dridex by some VirusTotal detections but online sandbox analysis aren’t showing typical Dridex SSl connections, so I am not sure exactly what this is. Update: I am informed reliably that it is Gozi/ Ursnif Banking trojan An email with the subject of  “Are all above transactions recognisable to you”  pretending to come from   HSBC Protection Support but actually coming from [email protected]  with a link in the email body going to https://rockinghamdental.com/main.php?YHKeGpEamn4XDDA45X%2FX58xslDwVkwOIlhvoXlCIsjs1oacGQ6f7%2Ffq5ljqjDQvnt45QJjDuum5wJUNrVDOXq5rfskJnM3a6ZYlmYvi8zZevaVtFLU8q5y5Mb%2FFv4XrwoosR0%2BY%2BzdzN6fdoJC6Mr9eo4lDT0NfeTQbMd5oNiC0Wjpvlcm2c5HNvNMOufQ7dPcFrZf8I%2FeC4Sz%2BXQpnHLOZquT4FT9FyLQas1%2BbjXo8%3D  where a file is downloaded. Transaction_Log.exe … Continue reading →

Article Link: https://myonlinesecurity.co.uk/fake-hsbc-are-all-above-transactions-recognisable-to-you-delivers-malware/