"You have a new eFax from 639-469-3635" emails are arriving with a clickable malware link.
Headers:
From: "eFax.com" {no_reply@inbound.efax.com}
Subject: You have a new eFax from 639-469-3635 - 1 pages
Message body:
eFax Message [Caller-ID: 639-469-3635]
You have received a 3 pages fax on Thu, 23 Apr 2015 14:52:54 +0100 .
You can view your eFax online, in PDF format, by visiting :
https://www2.efax.com/documents/view_fax.aspx?utm_source=eFax&fax_type=doc&caller_id=639-469-3635
* This fax's reference # is 18389822
Thank you for using eFax!
The fake link in the message body takes you to download:
http://91.194.254.239/fax_33663232.pdf.zip
Inside the Zip file is a Windows Executable file:
Sha256 Hashes:
05bd60347ac7df715a2a8ca36fba996392424879804c552a2aef1d31d019147e [1]
Anti virus reports:
VirusTotal Report: [1] (Detection 3/57)
Malwr Report: [1]
Hybrid Analysis Report: [1]
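An added example, not part of the original post: a Python check for the three link traits this lure shows (the visible URL names one host while the click goes to another, the real host is a bare IP address, and the file name carries a document-looking double extension). The HTML markup in SAMPLE_HTML is constructed and only the two URLs come from the message above; the function names and the extension list are assumptions made for illustration.

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: the markup is assumed; the two URLs are the ones quoted in the post.
SAMPLE_HTML = (
    '<p>You can view your eFax online, in PDF format, by visiting :<br>'
    '<a href="http://91.194.254.239/fax_33663232.pdf.zip">https://www2.efax.com/documents/'
    'view_fax.aspx?utm_source=eFax&amp;fax_type=doc&amp;caller_id=639-469-3635</a></p>'
)
DOUBLE_EXT = re.compile(r"\.(pdf|docx?|xlsx?|jpg|txt)\.(zip|exe|scr|js)$", re.I)  # assumed list

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a href=...>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def is_ip_literal(host):
    try:
        return ipaddress.ip_address(host) is not None
    except ValueError:
        return False

def audit_links(html):
    """Return [(href, [reasons])] for anchors that show the traits of this lure."""
    parser = LinkCollector()
    parser.feed(html)
    parser.close()
    findings = []
    for href, text in parser.links:
        target = urlsplit(href)
        host = target.hostname or ""
        shown = urlsplit(text).hostname if re.match(r"https?://", text, re.I) else None
        hits = {"text-href-host-mismatch": shown is not None and shown != host,
                "ip-literal-host": is_ip_literal(host),
                "double-extension": bool(DOUBLE_EXT.search(target.path))}
        if any(hits.values()):
            findings.append((href, [name for name, hit in hits.items() if hit]))
    return findings
```

Running `audit_links(SAMPLE_HTML)` reports all three reasons for the link in this message; a link whose visible URL and href share a host is not reported.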
Cheers,
Steve
Sanesecurity.com