46390). SunTrust Banks, Inc. - PSS.Phishing.suntrust.com-46390 (Awaiting official AV Signature).
This email targets customers of SunTrust Banks, Inc..
Message Details
| Malware Name: | PSS.Phishing.suntrust.com-46390 (Awaiting official AV Signature). |
| Origin: |  Brazil |
| Date first seen: | 10/07/2007 14:31:29 |
| From: | "SunTrust Bank" <clientdepmnt.refGU352038493310SI.nf@suntrust.com> |
| Subject: | Important banking mail from SunTrust Bank! (message id: OL70902964) |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://onlinetreasurymanager-id941142.suntrust.com.modes.st/ibswebsuntrust/cmserver/customer.cfm | ||||
|
http://onlinetreasurymanager-id941142.suntrust.com/ibswebsuntrust/cmserver/customer.cfm |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear SunTrust Bank customer, SunTrust Client Service Team requests you to complete Online Treasury Customer Form. This procedure is obligatory for all business and corporate clients of SunTrust Bank. Please click hyperlink below to access Online Treasury Customer Form. [1]http://onlinetreasurymanager-id941142.suntrust.com/ibswebsuntrust/cmserve r/customer.cfm Thank you for choosing SunTrust Bank for your business needs. Please do not respond to this email. This mail generated by an automated service. ============================================================================ ===== 0x6753, 0x1, 0x03719538, 0x93316550, 0x4, 0x99, 0x601, 0x6835, 0x530, 0x3, 0x277, 0x33050059, 0x823 rcs 7T43 41E 4CAN. 0x6, 0x42, 0x9, 0x6049, 0x968, 0x9394, 0x39843670, 0x3683, 0x37, 0x6552, 0x61, 0x76630127 BPB: 0x026, 0x18, 0x3999, 0x77987539, 0x5414, 0x60, 0x11, 0x52, 0x9, 0x68, 0x76, 0x339, 0x898 0x9, 0x7097, 0x33, 0x7826, 0x8661, 0x80, 0x87813706, 0x5572, 0x5445, 0x6513, 0x7643, 0x57330419 rev: 0x2633, 0x0, 0x3, 0x89365141, 0x51, 0x5684 0x713, 0x00, 0x404, 0x25, 0x2200, 0x31823572, 0x96, 0x140, 0x944, 0x684, 0x0694, 0x58971967, 0x7 1QI: 0x79052139, 0x7829, 0x7746, 0x53356372, 0x640, 0x908 62P: 0x1701, 0x22, 0x217, 0x66, 0x90781847, 0x1064, 0x552 exe: 0x2090, 0x70744704, 0x4, 0x35 FDWV: 0x9, 0x90972749, 0x313, 0x1097 0x62432722, 0x187, 0x334, 0x9, 0x3, 0x9, 0x1500, 0x4538, 0x769, 0x3, 0x9530 JHW close include api exe root common include: 0x44 6PEA: 0x8311, 0x5273, 0x78, 0x5, 0x5366, 0x6798, 0x769, 0x61, 0x3, 0x4908, 0x5008, 0x7, 0x25180100, 0x575, 0x573 F5HK OCM R77 interface 2CNW HLUU LW9 21FY start 0x365, 0x91, 0x67068574, 0x04, 0x24, 0x51, 0x262, 0x03, 0x8823, 0x52051300, 0x373, 0x38987599, 0x9, 0x69415054, 0x95 media: 0x4, 0x6, 0x52, 0x5280, 0x2865, 0x11622225, 0x18544712, 0x7 0x8248, 0x32, 0x176, 0x16 0x057, 0x32058431 engine: 0x2, 0x7174, 0x3, 0x59, 0x7, 0x94990883, 0x716, 0x515, 0x405 6VJ: 0x17899747, 0x54726821, 0x02, 0x8, 0x5637, 0x778, 0x4594, 0x67984146, 0x7, 0x96, 0x47508860 0x51349675, 0x70, 0x1, 0x8, 0x83, 0x33, 0x13, 0x64, 0x14493130 DAMY, X0ZF, IRZ, IVJ, T49J, rcs4MH9: 0x4033, 0x06, 0x29217738, 0x641, 0x0, 0x7979, 0x9090, 0x55, 0x92562107, 0x39037810, 0x662, 0x9219, 0x30442713, 0x97 0x0129, 0x62632975, 0x669, 0x45074727, 0x505 0x61, 0x11, 0x29, 0x9936, 0x080 TQWN, LBXR, close, IZL, create, common, F61J 0x13 References 1. http://onlinetreasurymanager-id941142.suntrust.com.modes.st/ibswebsuntrust/cmserver/customer.cfm