Wednesday, 1 April 2015

New Fax Message id

New Fax Message id email with a zip attachment...


From: FAX 
Subject: New Fax

Message body:
Message id: snwjrP_769035.
Sent date: Wed, 01 Apr 2015 10:21:45 +0100.

There's a Zip file attached to the email:

Inside the Zip file is a Windows Executable file:
Sha256 Hashes:
8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9 [1]

Malware Anti-Virus Reports:
VirusTotal Report [1] (hits 2/57 Virus Scanners) (Upatre)
Malwr Report [1]
Hybrid Analysis Report [1]

The malware in the zip is a trojan downloader commonly referred to as Upatre.

This downloader will then probably download its partner in crime, Dyre, a Zeus-like banking Trojan which tries to capture as much information about your online banking details as possible.

It's also being used to then send out the same malware to everyone else by using your own copy of Outlook and your bandwidth.
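
One way to check a suspicious zip attachment against the SHA-256 listed above without extracting or running anything. This is an added example, not part of the original post; the extension list, the size cap and the sample zip are assumptions constructed for illustration.

```python
import hashlib
import io
import zipfile

# SHA-256 of the executable inside the zip, as listed in this post.
KNOWN_BAD_SHA256 = {
    "8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9",
}
# Assumed, non-exhaustive list of extensions Windows runs on double-click.
EXEC_EXTS = (".exe", ".scr", ".com", ".pif")
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed cap against decompression bombs


def triage_zip(data, known_bad=KNOWN_BAD_SHA256):
    """Inspect a zip attachment in memory; nothing is written to disk or run."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member, content unreadable
                findings.append((info.filename, None, ["encrypted"]))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((info.filename, None, ["oversized"]))
                continue
            body = zf.read(info)
            digest = hashlib.sha256(body).hexdigest()
            reasons = []
            if body[:2] == b"MZ":  # DOS/PE header magic of Windows executables
                reasons.append("pe-header")
            if info.filename.lower().endswith(EXEC_EXTS):
                reasons.append("exec-extension")
            if digest in known_bad:
                reasons.append("known-bad-hash")
            findings.append((info.filename, digest, reasons))
    return findings


def make_sample_zip():
    """Constructed, harmless sample: an 'MZ' stub plus a text file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_message.exe", b"MZ" + b"\x00" * 62)  # not malware
        zf.writestr("readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    for name, digest, reasons in triage_zip(make_sample_zip()):
        print(name, digest, ",".join(reasons) or "no-flags")
```

Any member flagged `pe-header` or `exec-extension` inside a "fax" zip is reason enough to quarantine the message, even when the hash does not match, since the hash changes from one spam run to the next.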



Anonymous said...

Thank you, just got an email like that.

Anonymous said...

Thanks, I looked here before opening, am now deleting!

Anonymous said...

What do we do if someone opened the zip file?

juff said...

I'm techie at
Yesterday there was some kind of spam attack with a malicious payload - we received over 3 million of them on our servers.
The attack did not originate from us.