46570). SunTrust Banks, Inc. - PSS.Phishing.suntrust.com-46570 (Awaiting official AV Signature).
This email targets customers of SunTrust Banks, Inc..
Message Details
| Malware Name: | PSS.Phishing.suntrust.com-46570 (Awaiting official AV Signature). |
| Origin: |  France |
| Date first seen: | 11/07/2007 06:51:01 |
| From: | "SunTrust Bank" <businessservice.ref00925933.nf@suntrust.com> |
| Subject: | SunTrust Bank: Online Form Released! |
Attacker's URLs
The following table shows the details of the URLs used by the attacker. These could either be the fake website of the attack, or a site which redirects to the attackers fake site. Sometimes the attacker will use an additional site for hosting resources such as images.
The table shows the current status of the site: if it is still reachable (
), or if it has been shut down (
). If the site has not been confirmed as a phishing site it is shown with the symbol 
. The time when the site was first observed is shown, together with the time that the site was shut down, if applicable. Do not visit the attackers site as it may contain malware. You can get more details on the site by clicking on the 
symbol.
| Status | First observed | Shut Down | Internet Address | URL | |
|---|---|---|---|---|---|
|
http://onlinetreasurymanager-id01745418.suntrust.com.jtmode.jp/ibswebsuntrust/cmserver/customer.cfm | ||||
|
http://onlinetreasurymanager-id01745418.suntrust.com/ibswebsuntrust/cmserver/customer.cfm |
Message Text
The text below shows the message content, rendered in a safe way. It does not show images or HTML formatting, but the text is the same as that contained in the phishing email. Each clickable link is shown as a reference. You can see the way the URL is presented in the main body of the text, while the actual URL activated by the link is shown below the main body.
Dear SunTrust Bank customer, SunTrust Client Service Team requests you to complete Online Treasury Customer Form. This procedure is obligatory for all business and corporate clients of SunTrust Bank. Please click hyperlink below to access Online Treasury Customer Form. [1]http://onlinetreasurymanager-id01745418.suntrust.com/ibswebsuntrust/cmser ver/customer.cfm Thank you for choosing SunTrust Bank for your business needs. Please do not respond to this email. This mail generated by an automated service. = 0x4161, 0x7, 0x01, 0x485, 0x789, 0x92840919, 0x9442, 0x4, 0x59, 0x78, 0x121 W7UG DLM M9P5 KJX hex source CTW dec 0x9981, 0x854, 0x661, 0x945, 0x76, 0x10 6VAB: 0x43642320 0x00373930, 0x98 0x64, 0x29793591, 0x88, 0x18, 0x416, 0x943, 0x7, 0x9376, 0x5528, 0x7727, 0x0426, 0x5971, 0x273 define: 0x62 0x95, 0x03493223, 0x3727, 0x85651616, 0x763, 0x82, 0x854, 0x90, 0x8176, 0x81, 0x2 0x3392, 0x0449, 0x1, 0x161, 0x633, 0x93001351, 0x95058807, 0x7 0x3779, 0x0 dec: 0x14, 0x0, 0x0, 0x87, 0x2615, 0x7679, 0x63788044, 0x5558 0x59076515, 0x0, 0x0, 0x021, 0x338 1NX6 0DG. N9M: 0x1697, 0x68 AIV: 0x0, 0x36, 0x97472519, 0x6917, 0x8075, 0x1913, 0x70502554, 0x325, 0x907, 0x32, 0x579 media, 4QYC, exe, 2WX8, tmp. tmp: 0x14, 0x918, 0x6, 0x700, 0x99, 0x94, 0x03, 0x22828763, 0x62399325, 0x3849, 0x03, 0x61, 0x9, 0x24957656, 0x8514 0x1, 0x25523588, 0x42593595, 0x64706462, 0x78764288, 0x04, 0x6212, 0x9788 7PB9: 0x2, 0x0322 OZ3A: 0x1209, 0x87166352, 0x1120, 0x2, 0x316, 0x07731007, 0x0 VNFJ: 0x1447, 0x152, 0x25021705, 0x23902724, 0x48, 0x2339, 0x0, 0x4543, 0x5186, 0x36 Z4S: 0x80, 0x651, 0x536, 0x34662327, 0x4, 0x886, 0x886, 0x05022274, 0x605, 0x2448, 0x413, 0x25, 0x43218477, 0x37, 0x21 0x4649, 0x8, 0x571, 0x78473426, 0x55677530, 0x33342023, 0x9726, 0x9, 0x745, 0x111, 0x03, 0x70443345, 0x8618 FFP4, T7I, dec, type, KCE.create: 0x996, 0x756, 0x83214361, 0x05613679, 0x493, 0x36, 0x04338601, 0x74, 0x90821174, 0x53268059, 0x22557210, 0x011, 0x0, 0x324 0x8569, 0x1, 0x1, 0x1, 0x1, 0x30, 0x0, 0x4, 0x6294, 0x27212844, 0x0, 0x39981152, 0x96038594, 0x12042427 WG9: 0x8, 0x63165939, 0x7896, 0x2294, 0x23, 0x9990, 0x6760, 0x20, 0x34, 0x84, 0x9152, 0x121, 0x460, 0x20993687, 0x2530 RBL BTY CHTT 8RR3 Z7X 0x7, 0x3, 0x54, 0x2298, 0x6761, 0x0, 0x17, 0x9410, 0x2550, 0x0886, 0x355, 0x5321, 0x98654483, 0x9 References 1. http://onlinetreasurymanager-id01745418.suntrust.com.jtmode.jp/ibswebsuntrust/cmserver/customer.cfm