Friday, 27 February 2015

eFax message from "unknown" - 1 page(s), Caller-ID: 1-219-972-8538

eFax message from "unknown" - 1 page(s), Caller-ID: 1-219-972-8538 using a FAX_20150226_1424989043_176.zip

Headers:
From: message@inbound.efax.com
Subject: eFax message from "unknown" - 1 page(s), Caller-ID: 1-219-972-8538
Message body:


Attached is a Zip file:
FAX_20150226_1424989043_176.zip
Inside the Zip is a Windows Executable:
fax_2342FAX_20150226_1424989043_176.exe

Sha256 Hashes:
de32206ccde1b20a944c5ac4c49a565d9d65ba4786bacc37aa18c2ca7d83b39f  [1]

Malware Information:

VirusTotal Report [1] (hits 6/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]
Description:
The malware in the zip is a trojan downloader largely referred to as Upatre. 

This downloader will then probably download it's parter in crime
Dyre.

Dyre, is Zeus-like banking Trojan, which is trying to capture as much information about your online banking details as possible.

It's also being used to then send out the same malware to everyone else by using your own copy of outlook and your bandwidth.


Cheers,

Steve
Sanesecurity.com

3 comments:

Laura said...

Thank you!

Anonymous said...

Thanks!

Anonymous said...

It has come to our attention that our fax number was used in a spam e-fax email with an attachment that may contain a virus. This email did not originate from our company, but rather our fax number was used without our knowledge or consent. We have no knowledge where the email originated, therefore the situation is out of our control. We apologize for any inconvenience this has caused. Please disregard the email and do not open.

Thank you,