Thursday, 22 January 2015

MyFax Fax message - fake malware

Alert Summary:
MyFax Fax message email contains a link, if clicked auto-downloads a malicious Zip file

Headers: (Note: the Fax Ref is random)
From: "MyFax" {}
Subject: Fax #4437781
Message body:
Fax message
Sent date: Thu, 22 Jan 2015 14:53:17 +0000

Links to website....

Once you arrive at the site an auto-download of a zip file takes place:
Inside the Zip file is a windows executable:
MD5 Hashes:
be2ebc60c9386b1a550be26a4d5fbe55  [1]
Malware Information:
VirusTotal Report [1] (hits 5/55 Virus Scanners)

Hybrid Analysis Report  [1]

Malwr Report [1]


  • Performs some HTTP requests
  • Steals private information from local Internet browsers
  • Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)
  • Creates an Alternate Data Stream (ADS)
  • Installs itself for autorun at Windows startup



No comments: