Sanesecurity ClamAV blog: zero hour malware, phishing and scams: Incoming Fax Report efax

Wednesday, 18 February 2015

Incoming Fax Report efax

Incoming Fax Report efax email containing a fax zip attachment.

Warning: Attachment may lead to CryptoWall v3
 
CryptoWall will encrypt your data files so they can no longer be
opened. Once your file are encrypted, you will then receive 
instructions on how to decrypted them by paying money :(

Message Header:

From:  "Incoming Fax" {no-reply@send-efax.com}
Subject: Incoming Fax Report

Message Body:

************************************
INCOMING FAX REPORT
************************************

Date/Time: Tuesday, 17.02.2015
Speed: 275bps
Connection time: 07:03
Page: 8
Resolution: Normal
Remote ID: 531-748-176286
Line number: 6
DTMF/DID:
Description: Internal only
************************************

Attachment filename:

FAX-id9123912481712931.zip

Inside the Zip file is a Windows Executable:

FAX-id9123912481712931.scr

Md5 Hashes:

3200f812604720b49288a3a6a7ff338e [1]

Malware information:

VirusTotal Report [1] (hits 31/57 Virus Scanners)

Malwr Report [1]

Hybrid-Analysis Report [1]

Cheers,

Steve

Sanesecurity.com

Sanesecurity ClamAV blog: zero hour malware, phishing and scams

Amazon3

Pages

Amazon

Wednesday, 18 February 2015

Incoming Fax Report efax

No comments: