Tuesday, 10 March 2015

Incoming Fax Incoming.Fax IncomingFax.zip

Headers:
From: "Incoming Fax" {Incoming.Fax
Subject: Incoming Fax
Message body:

*********************************************************
INCOMING FAX REPORT
*********************************************************

Date/Time: Tue, 10 Mar 2015 10:45:28 +0100
Speed: 4683bps
Connection time: 07:03
Pages: 2
Resolution: Normal
Remote ID: 897-436-3754
Line number: 2
DTMF/DID:
Description: Internal only

To download / view please download attached file

*********************************************************

Attached is a Zip file:
IncomingFax.zip
Inside the Zip is a Windows Executable:
IncomingFax.exe

Sha256 Hashes:
042e9e1be74fcd23d72860a01374f531bd5e5f0c20ddf992aef97572a1b66d6d    [1]

Malware Information:

VirusTotal Report [1] (hits 2/57 Virus Scanners)

Malwr Report [1]

Hybrid Analysis Report [1]

Description:
The malware in the zip is a trojan downloader largely referred to as Upatre. 

This downloader will then probably download its partner in crime, Dyre.

Dyre is a Zeus-like banking Trojan that tries to capture as much information about your online banking details as possible.

It is also used to send the same malware on to everyone else, using your own copy of Outlook and your bandwidth.


Cheers,

Steve
Sanesecurity.com
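
A mail-gateway style check for the attachment pattern described above, as an added example that is not part of the original post: it flags zip attachments whose members have an executable extension or start with the `MZ` header, and compares the SHA-256 of the archive and of each member with the hash listed in the post. The extension list, size cap, function names and the inert sample zip are assumptions constructed for the illustration.

```python
import hashlib
import io
import zipfile

# SHA-256 published in this post (the post does not say whether it is the zip or the exe).
KNOWN_SHA256 = {"042e9e1be74fcd23d72860a01374f531bd5e5f0c20ddf992aef97572a1b66d6d"}
# Assumed policy list of extensions that Windows will execute directly.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap so a zip bomb is not unpacked


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def scan_zip_attachment(data, known=KNOWN_SHA256):
    """Return a list of (member_name, reason) findings for one zip attachment."""
    findings = []
    if sha256_hex(data) in known:
        findings.append(("<archive>", "known-sha256"))
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return findings + [("<archive>", "unreadable-zip")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.filename.lower().endswith(EXEC_EXTS):
                findings.append((info.filename, "executable-extension"))
            if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                findings.append((info.filename, "encrypted-member"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, "oversized-member"))
                continue
            body = archive.read(info)
            if body[:2] == b"MZ":  # DOS/PE header magic, whatever the name says
                findings.append((info.filename, "pe-header"))
            if sha256_hex(body) in known:
                findings.append((info.filename, "known-sha256"))
    return findings


def build_sample_zip(name="IncomingFax.exe", body=b"MZ" + b"\x00" * 62):
    """Constructed, inert sample: a 64-byte stub that only carries the MZ magic."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, body)
    return buf.getvalue()
```

Checking the header as well as the extension catches a renamed member, and hashing both the archive and its members covers either reading of the published hash.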
