Sanesecurity ClamAV blog: zero hour malware, phishing and scams: MyFax Fax message

Thursday, 22 January 2015

MyFax Fax message - fake malware

Alert Summary:

MyFax Fax message email contains a link, if clicked auto-downloads a malicious Zip file

Headers: (Note: the Fax Ref is random)

From: "MyFax" {no-replay@my-fax.com}
Subject: Fax #4437781

Message body:

Fax message

http://79.96.0.123/_.RECEIVED_FAX/incoming_letter.html
Sent date: Thu, 22 Jan 2015 14:53:17 +0000

Links to website....

http://79.96.0.123/_.RECEIVED_FAX/incoming_letter.html

Once you arrive at the site an auto-download of a zip file takes place:

fax_message92386.zip

Inside the Zip file is a windows executable:

fax_message37690.exe

MD5 Hashes:

be2ebc60c9386b1a550be26a4d5fbe55 [1]

Malware Information:

VirusTotal Report [1] (hits 5/55 Virus Scanners)

Hybrid Analysis Report [1]

Malwr Report [1]

Summary:

Performs some HTTP requests

Steals private information from local Internet browsers

Collects information to fingerprint the system (MachineGuid, DigitalProductId, SystemBiosDate)

Creates an Alternate Data Stream (ADS)

Installs itself for autorun at Windows startup

Cheers,

Steve
Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Thursday, 22 January 2015

MyFax Fax message - fake malware

No comments: