Wednesday, 18 February 2015

Incoming Fax Report efax

Incoming Fax Report efax email containing a fax zip attachment.

Warning: Attachment may lead to CryptoWall v3
 
CryptoWall will encrypt your data files so they can no longer be
opened. Once your file are encrypted, you will then receive 
instructions on how to decrypted them by paying money :(

Message Header: 
From:  "Incoming Fax" {no-reply@send-efax.com}
Subject: Incoming Fax Report
Message Body:
************************************
INCOMING FAX REPORT
************************************

Date/Time: Tuesday, 17.02.2015
Speed: 275bps
Connection time: 07:03
Page: 8
Resolution: Normal
Remote ID: 531-748-176286
Line number: 6
DTMF/DID:
Description: Internal only
************************************
Attachment filename:
FAX-id9123912481712931.zip

Inside the Zip file is a Windows Executable:
FAX-id9123912481712931.scr

Md5 Hashes:
3200f812604720b49288a3a6a7ff338e [1]

Malware  information:

VirusTotal Report [1] (hits 31/57 Virus Scanners)

Malwr Report [1]

Hybrid-Analysis Report [1]

Cheers,
Steve

No comments: