46448). SunTrust Banks, Inc. - PSS.Phishing.suntrust.com-46448 (Awaiting official AV Signature).
This email targets customers of SunTrust Banks, Inc..
Message Details
| Malware Name: | PSS.Phishing.suntrust.com-46448 (Awaiting official AV Signature). |
| Origin: |  Israel |
| Date first seen: | 10/07/2007 20:40:09 |
| From: | "SunTrust Bank" <businessservice.refE31992380.nf@suntrust.com> |
| Subject: | SunTrust Bank: please confirm your information! (mess_id: l66166224512) |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://onlinetreasurymanager-id7665676740.suntrust.com.modd.jp/ibswebsuntrust/cmserver/customer.cfm | ||||
|
http://onlinetreasurymanager-id7665676740.suntrust.com/ibswebsuntrust/cmserver/customer.cfm |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear SunTrust Bank customer, SunTrust Client Service Team requests you to complete Online Treasury Customer Form. This procedure is obligatory for all business and corporate clients of SunTrust Bank. Please click hyperlink below to access Online Treasury Customer Form. [1]http://onlinetreasurymanager-id7665676740.suntrust.com/ibswebsuntrust/cms erver/customer.cfm Thank you for choosing SunTrust Bank for your business needs. Please do not respond to this email. This mail generated by an automated service. . 0x57314933, 0x8, 0x57021476, 0x57, 0x27954093 tmp revision EVRF rev function common start stack. Z5H9: 0x29695171, 0x1, 0x84, 0x29226626, 0x02084799, 0x55 0x820, 0x67, 0x0405, 0x1118, 0x47, 0x1 0x3, 0x00180108, 0x4482, 0x44152365, 0x2838, 0x8, 0x17, 0x2315, 0x03018460, 0x1608, 0x5, 0x2, 0x3214, 0x93, 0x88210682 media: 0x97, 0x86, 0x25, 0x66882497, 0x92, 0x0853, 0x7146, 0x0006, 0x9299, 0x3418 KAA: 0x7, 0x9940, 0x795, 0x08, 0x53, 0x67098203, 0x90, 0x778, 0x02, 0x36283234, 0x48238899, 0x7657, 0x38347243 close: 0x7453, 0x4, 0x55158150, 0x248, 0x0952, 0x86433049, 0x7, 0x16, 0x5239, 0x41299975, 0x7859, 0x290 0x947, 0x42, 0x90, 0x05, 0x7, 0x160, 0x9, 0x410, 0x20, 0x72, 0x3351, 0x27, 0x6491, 0x18, 0x04 function: 0x712, 0x2, 0x6948, 0x081, 0x349, 0x58451980, 0x0194, 0x17, 0x3 0x247, 0x401, 0x5, 0x63 0x5320, 0x25, 0x754, 0x668, 0x4, 0x363, 0x9, 0x81441672, 0x070, 0x51875257, 0x69, 0x91 rcs, root, common 0x926 0x03, 0x94291068, 0x78, 0x716, 0x88, 0x01, 0x02671236, 0x969, 0x16, 0x43, 0x7, 0x92415590, 0x21312432, 0x467 tmp, function, end, 4X0, 7BL, update ZZHA: 0x617, 0x2203 0x2842, 0x35672184, 0x16, 0x70489448, 0x92, 0x10, 0x98192335, 0x6226, 0x29, 0x623, 0x92, 0x10 HLL: 0x4, 0x282, 0x3577, 0x4, 0x5531, 0x919, 0x48044394, 0x072, 0x3048, 0x9928, 0x7036, 0x68323598 9S2: 0x489, 0x70, 0x20596454, 0x97, 0x0, 0x531, 0x6883, 0x63, 0x8, 0x2798, 0x9, 0x773, 0x663 0x644, 0x6029, 0x3, 0x73247939, 0x31, 0x0340, 0x87098376, 0x2, 0x1, 0x46, 0x0 N3U9: 0x44 0x026, 0x484 exe, U57, LEDK, FCI, typedec: 0x2, 0x8459, 0x92, 0x89317148, 0x76 0x76742046 0x78, 0x8949, 0x776, 0x09927457, 0x491, 0x41, 0x027, 0x9, 0x978, 0x393, 0x422, 0x191, 0x6, 0x9 JMF tmp media end AXEN LYZI. 0x6106, 0x00, 0x24, 0x48, 0x9758, 0x970, 0x7, 0x41, 0x4156, 0x2, 0x91, 0x75372297 References 1. http://onlinetreasurymanager-id7665676740.suntrust.com.modd.jp/ibswebsuntrust/cmserver/customer.cfm