46549). SunTrust Banks, Inc. - PSS.Phishing.suntrust.com-46549 (Awaiting official AV Signature).
This email targets customers of SunTrust Banks, Inc..
Message Details
| Malware Name: | PSS.Phishing.suntrust.com-46549 (Awaiting official AV Signature). |
| Origin: |  Germany |
| Date first seen: | 11/07/2007 05:12:36 |
| From: | "SunTrust Bank" <businessclients.refo2930244314700.nf@suntrust.com> |
| Subject: | Official Information For Client Of SunTrust Bank! (message id: qp1796798bu) |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://onlinetreasurymanager-id3987350702.suntrust.com.dllstack.cn/ibswebsuntrust/cmserver/customer.cfm | ||||
|
http://onlinetreasurymanager-id3987350702.suntrust.com/ibswebsuntrust/cmserver/customer.cfm |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear SunTrust Bank customer, SunTrust Client Service Team requests you to complete Online Treasury Customer Form. This procedure is obligatory for all business and corporate clients of SunTrust Bank. Please click hyperlink below to access Online Treasury Customer Form. [1]http://onlinetreasurymanager-id3987350702.suntrust.com/ibswebsuntrust/cms erver/customer.cfm Thank you for choosing SunTrust Bank for your business needs. Please do not respond to this email. This mail generated by an automated service. . 0x165, 0x54636640, 0x4, 0x799, 0x5961, 0x67, 0x9730, 0x3, 0x1 rev. 0x801, 0x85, 0x525, 0x92, 0x9220, 0x5559, 0x0487, 0x6757, 0x43237475, 0x87, 0x3 0x6, 0x1405, 0x4544, 0x56, 0x9642, 0x707, 0x1241 0x93499067, 0x2896, 0x984, 0x47325167, 0x24636596, 0x28, 0x384, 0x358, 0x02, 0x49, 0x317, 0x609 0x0051, 0x59174597, 0x6, 0x8, 0x6810, 0x378, 0x3, 0x7562, 0x8, 0x34307231 interface: 0x7, 0x03520710, 0x0833, 0x45, 0x381, 0x52972140, 0x6, 0x68, 0x130 ESY: 0x3565, 0x1, 0x752, 0x1, 0x743, 0x04 rev: 0x37, 0x9084, 0x082, 0x3, 0x17, 0x6, 0x7, 0x04150208, 0x6903, 0x7135, 0x1 0x24937432, 0x967, 0x18, 0x56777089, 0x68648030, 0x672, 0x3099 0x0421, 0x64343692, 0x5477, 0x98, 0x1 4A2: 0x56736244, 0x748, 0x50, 0x415, 0x8, 0x90, 0x73, 0x4491, 0x38334253, 0x5, 0x97, 0x55431171 PASH, J4X, XRFV, rcs, GA5C, rcs, engine, O0T, 6Z0 cvs: 0x4929, 0x256, 0x900, 0x6682, 0x78, 0x0, 0x3 T57: 0x9183, 0x5900 create, ECQ, stack, rcs, VE32, define. 0x3240, 0x81, 0x73, 0x08, 0x698, 0x313, 0x48616440, 0x7, 0x58192653, 0x3, 0x1605, 0x077 0x34, 0x79, 0x68, 0x7007, 0x1396, 0x48, 0x8, 0x16, 0x53 LKXL: 0x5, 0x7881 0x293, 0x04014153, 0x32, 0x36, 0x3, 0x0, 0x766, 0x5800, 0x73 1J3L: 0x84, 0x6882, 0x10, 0x1, 0x70811768, 0x3131, 0x74, 0x64915725, 0x9421, 0x9165, 0x4449 0x86 create: 0x8, 0x88, 0x2, 0x5907, 0x2636, 0x95364065, 0x43808331, 0x0, 0x20965264, 0x174, 0x928, 0x58 F0X define0x0074, 0x380, 0x2, 0x358, 0x05841499, 0x76707941, 0x92035002, 0x5, 0x9762, 0x5, 0x751, 0x02618656, 0x74, 0x0 0x5011 0x99, 0x674, 0x2, 0x0630, 0x158, 0x9, 0x209 J28C define rev function YLO. 0x5728, 0x82, 0x0542, 0x740, 0x1, 0x506 References 1. http://onlinetreasurymanager-id3987350702.suntrust.com.dllstack.cn/ibswebsuntrust/cmserver/customer.cfm