Headers:
From: {message@inbound.efax.com}
Subject: eFax message from "POTS modem 2 " - 1 page(s), Caller-ID: 1-630-226-2563
Message body:
Attached is a Zip file: FAX_20150311_1426082680_127.zip
Inside the Zip is a Windows Executable: FAX_20150311_1426082680_127.exe
SHA256 hash (of the executable):
8dbbaec774a42e18f369c2bf947a64d03728749b57fad7f46a80ea1ac396af7f [1]
Malware Information:
Description:
VirusTotal Report [1] (detected by 2/57 virus scanners)
Malwr Report [1]
Hybrid Analysis Report [1]
The malware in the zip is Dyre, a Zeus-like banking Trojan that tries to capture as much information about your online banking details as possible.
It is also being used to send the same malware on to everyone else, using your own copy of Outlook and your bandwidth.
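The lure above relies on a zip attachment wrapping a Windows executable named to look like a fax. The following is an added example (not code from the original post or from Sanesecurity) showing how a mail gateway or analyst script can inspect such an attachment offline: it hashes the zip and each member, flags members with directly executable extensions or a PE (`MZ`) header, and builds a constructed lookalike zip for the demonstration. The member contents and the `build_sample_zip` helper are constructed placeholders, not the real sample.

```python
import hashlib
import io
import os
import zipfile

# Extensions Windows runs directly on double-click; a "fax" should never carry one.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def sha256_hex(data: bytes) -> str:
    """Hex SHA256 digest, the same form used in the report above."""
    return hashlib.sha256(data).hexdigest()


def inspect_zip_attachment(zip_bytes: bytes) -> dict:
    """Return a report on a zip attachment: hashes plus which members look executable."""
    report = {"sha256": sha256_hex(zip_bytes), "members": [], "suspicious": False}
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        report["error"] = "not a valid zip file"
        return report
    with zf:
        for info in zf.infolist():
            payload = zf.read(info)
            ext = os.path.splitext(info.filename)[1].lower()
            # The MZ magic marks a Windows PE file regardless of the extension it carries.
            is_pe = payload[:2] == b"MZ"
            entry = {
                "name": info.filename,
                "size": info.file_size,
                "sha256": sha256_hex(payload),
                "executable_extension": ext in EXECUTABLE_EXTENSIONS,
                "pe_header": is_pe,
            }
            entry["flag"] = entry["executable_extension"] or is_pe
            report["members"].append(entry)
            report["suspicious"] = report["suspicious"] or entry["flag"]
    return report


def build_sample_zip() -> bytes:
    """Constructed lookalike of the lure: a zip holding a fake .exe and a harmless note."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        exe_info = zipfile.ZipInfo(
            "FAX_20150311_1426082680_127.exe", date_time=(2015, 3, 11, 14, 26, 0)
        )
        # Constructed placeholder: PE magic followed by filler, not a real binary.
        zf.writestr(exe_info, b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"constructed sample")
        note_info = zipfile.ZipInfo("readme.txt", date_time=(2015, 3, 11, 14, 26, 0))
        zf.writestr(note_info, b"plain text member, should not be flagged")
    return buf.getvalue()


SAMPLE_ZIP = build_sample_zip()

if __name__ == "__main__":
    result = inspect_zip_attachment(SAMPLE_ZIP)
    print("zip sha256:", result["sha256"])
    for member in result["members"]:
        status = "FLAG" if member["flag"] else "ok  "
        print(f"{status} {member['name']} {member['size']}B sha256={member['sha256']}")
    print("suspicious attachment:", result["suspicious"])
```

Because the check reads only the first two bytes of each member, it costs little to run on every inbound zip; the hashes it produces can be compared against feeds such as VirusTotal before the message is released to a user.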
Cheers,
Steve
Sanesecurity.com
15 comments:
I just received the same thing, and didn't open it, but I am waiting for a payment from an overseas company I didn't want to throw it out. So I googled the number and found your post. Thank you!
Perfect. Thank you and Google Mail filters.
Thank you for the details and Google Mail for filtering this crap.
Just got it at work, junked it immediately, of course. Always interesting to see what it is.
Just received an hour ago, shortly after using DHL and providing a payment to them. Is this the same for you all as well?
Just got it too. Glad this is here. Fast find.
I also called the phone number, which is disconnected.
Yes, Thanks for this post!
One here. They are busy today.
Got one this morning too
Thanks for telling us that it is malware. I was pretty sure but now know for sure.
Yikes!! I received this email this morning. I downloaded the zip file and scanned it with Microsoft Essentials, IoBit Malware Fighter and no problem identified. When I clicked on the zip file, it opened and I saw the content for a brief moment then it evaporated. No sign of the email or the file on my computer. Then I found this blog. I just ran a scan with MalwareBytes - nothing found. Any suggestion will be appreciated. I am worried.
Yup, they got it to me too. Thanks for having the info. Nice to see others doing the search, just think how many don't.
Just got one of these (using a pdf file) this morning. Saw the phone (fax) number and after Googling it I found this page. Thanks for confirming it's a phishing scam.
Thank you for posting great detail. Just got it on my husband's business account. Did not open it.
Keep up the great work!