Tuesday, 21 April 2015

New Fax - "UK2Fax" {fax2@fax1.uk2fax.co.uk}

Important - Internal ONLY Administrator emails...

Headers:
Subject: New Fax - {random}
From: "UK2Fax" {fax2@fax1.uk2fax.co.uk}

Subject: New Fax - 02724381)
Subject: New Fax - 0800 200 400)
Subject: New Fax - 0845 3000 000)
Subject: New Fax - 08457 404 404)
Subject: New Fax - 08457 555 555)
Subject: New Fax - 3901535011)
Subject: New Fax - 800031031)
Subject: New Fax - 800050606)
Subject: New Fax - 800273336)
Subject: New Fax - 800312316)
Subject: New Fax - 800575757)
Subject: New Fax - 800837455)
Message body:
UK2Fax Fax2Email : New fax attached, received at 21/04/2015 10:21:29 GMT
Attached to the email is a Zip file:
FAX_117_849721.zip
Inside the Zip file is a Windows Executable file (Note: filename is random)
FAX_117_849721.exe
Sha256 Hashes:
71ff5e3c9e74f6cad1d405b2172a76527396b05fa7767cf85be58da06c68fd28  [1]
Anti virus reports:
VirusTotal Report: [1] (Detection 3/56)
Malwr Report: [1]

Cheers,
Steve
Sanesecurity.com

No comments: