46519). SunTrust Banks, Inc. - PSS.Phishing.suntrust.com-46519 (Awaiting official AV Signature).
This email targets customers of SunTrust Banks, Inc.
Message Details
| Malware Name: | PSS.Phishing.suntrust.com-46519 (Awaiting official AV Signature). |
| Origin: | |
| Date first seen: | 11/07/2007 02:40:51 |
| From: | "SunTrust Bank" <csteam.refz5402057mp.nf@suntrust.com> |
| Subject: | Important banking mail! (mess_id: pn898091529) |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attacker's fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of each site: whether it is still reachable or has been shut down. A site that has not been confirmed as a phishing site is marked with a separate symbol. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attacker's site as it may contain malware.
| Status | First observed | Shut Down | Internet Address | URL |
|---|---|---|---|---|
| | | | | http://onlinetreasurymanager-id18232072.suntrust.com.modd.jp/ibswebsuntrust/cmserver/customer.cfm |
| | | | | http://onlinetreasurymanager-id18232072.suntrust.com/ibswebsuntrust/cmserver/customer.cfm |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear SunTrust Bank customer,

SunTrust Client Service Team requests you to complete Online Treasury Customer Form.

This procedure is obligatory for all business and corporate clients of SunTrust Bank.

Please click hyperlink below to access Online Treasury Customer Form.

[1]http://onlinetreasurymanager-id18232072.suntrust.com/ibswebsuntrust/cmserver/customer.cfm

Thank you for choosing SunTrust Bank for your business needs.

Please do not respond to this email. This mail generated by an automated service.

*******************************************************************

References

1. http://onlinetreasurymanager-id18232072.suntrust.com.modd.jp/ibswebsuntrust/cmserver/customer.cfm