Headers:
From: "eFax" {message@inbound.efax.com}
Subject: Corporate eFax message from "00-800-5846-2440" - 5 pages
Message body:
Fax Message [Caller-ID: 00-800-5846-2440]
You have received a 5 page fax at 2015-16-03 07:45:04 AM EST.
* The reference number for this fax is chd_did9-00955552040-35984625741-110.
View this fax using your PDF reader.
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Attached is a Zip file: fax_0101_16032015_294182764188912.pdf.zip
Inside the Zip is a Windows Executable: fax_0101_16032015_294182764188912.pdf.exe
Sha256 Hashes:
077f0540661839b4dbf831789f920c44ca70c292b7f2afe83924d788f29b1b8a [1]
Malware Information:
VirusTotal Report [1] (hits 3/57 Virus Scanners)
Malwr Report [1]
Hybrid Analysis Report [1]
Description:
The malware in the zip is Dyre, a Zeus-like banking Trojan, which tries to capture as much information about your online banking details as possible.
It's also used to send the same malware out to everyone else, using your own copy of Outlook and your bandwidth.
Cheers,
Steve
Sanesecurity.com
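A defender-side check for the disguise this attachment uses (an executable named `.pdf.exe` inside a zip), as an added example that is not part of the original post. The extension lists, function names and the sample archive built in memory are assumptions constructed for illustration; the sample members contain only placeholder bytes.

```python
import io
import zipfile

# Assumed lists: extensions Windows executes, and document types used as a decoy.
EXEC_EXTS = {"exe", "scr", "com", "pif"}
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}


def suspicious_members(zip_bytes):
    """Return (name, reasons) for archive members that look like disguised executables."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1].lower()
            exts = base.split(".")[1:]
            reasons = []
            # Decoy document extension directly before an executable one.
            if len(exts) >= 2 and exts[-1] in EXEC_EXTS and exts[-2] in DECOY_EXTS:
                reasons.append("double extension .%s.%s" % (exts[-2], exts[-1]))
            # Windows PE files start with the DOS "MZ" magic, whatever the name says.
            with zf.open(info) as fh:
                is_pe = fh.read(2) == b"MZ"
            if is_pe and (not exts or exts[-1] not in EXEC_EXTS):
                reasons.append("MZ header under non-executable name")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: placeholder bytes only, no real executable content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_0101_16032015_294182764188912.pdf.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("invoice.pdf", b"%PDF-1.4\n")
        zf.writestr("report.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_zip()):
        print(name, "->", "; ".join(reasons))
```

A mail gateway or triage script can run the same check on each zip attachment and quarantine any message for which it returns findings.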