HSBC themed phishing

NOTE: Information is based on a sample of HSBC themed phishing email seen on 2013-07-15

-------------------------------------------------------------------
From: "HSBC.co.uk" <service@hsbc.co.uk>
Subject: Unable to process your most recent Payment
Attachment: "HSBC_Payment_07152013.zip"

Body:
You have a new e-Message from HSBC.co.uk. This e-mail has been sent to you to inform you that we were unable to process your most recent payment.Please check attached file for more detailed information on this transaction.Pay To Account Number: **********10 Due Date: 10/07/2013 Amount Due: $ 597.66 IMPORTANT: The actual delivery date may vary from the Delivery by date estimate. Please make sure that there are sufficient available funds in your account to cover your payment beginning a few days before Delivery By date estimate and keep such funds available until the payment is deducted from your account. If we fail to process a payment in accordance with your properly completed instructions, we will reimburse you any late-payment-related fees.

Copyright HSBC 2013. All rights reserved. No endorsement or approval of any third parties or their advice,  opinions, information, products or services is expressed or implied by  any information on this Site or by any hyperlinks to or from any third  party websites or pages. Your use of this website is subject to the terms and conditions  governing it. Please read these terms and conditions before using the website..
-------------------------------------------------------------------

MD5s
ZIP: dded1fe4a26b542f67c06da50445321f
EXE: a467baa1cf081ce1d9f2d163a4677594 - https://www.virustotal.com/en/file/467bb750ac5c40c2ef430025c12ace53e7a5792dcf6d2afba9cac166e830ee44/analysis/

GETs:
liltommy.com/ep9C.exe
video.wmd-brokerchannel.de/qAz575t.exe
www.oh-onlinehelp.com/Pefyi.exe
www.wineoutleteventspace.com/7UNFVh.exe

POSTs:
alabamaenergysuppliers.com/ponyb/gate.php
arizonaenergysuppliers.com/ponyb/gate.php
dharmaking.net/ponyb/gate.php
dharmaking.org/ponyb/gate.php