Monday, 7 December 2015

Interfax Online You have new fax, document 00289305 javascript malware.

Description:


Interfax Online You have new fax, document 00289305 javascript malware.

Headers:

Subject: You have new fax, document 00289305
Date: Sat, 5 Dec 2015 00:00:56 -0600
From: "Interfax Online" {incoming@interfax.net}

Message Body:


You have received a new fax.

You can find your fax document in the attachment.

Date:              Fri, 4 Dec 2015 20:13:12 +0300
Scan quality:      500 DPI
Scanned by:        Gabriel Henry
Fax name:          document-00289305.doc
Scanned in:        10 seconds
File size:         176 Kb
Number of pages:   4

Thanks for choosing Interfax!

Attachment filename(s):



document-00289305.zip

Name inside File:


document-00289305.doc.js


Sha256 Hashes:

67b263ed8bdf5939eed98d522f56af842666bd02cc1d3d6e6d8c972d5f6f9ca7 [1]


Malware Virus Scanner Report(s):

VirusTotal Report: [1] (detection 16/55)
Hybrid Analysis Report: [1]

Sanesecurity Signature detection(s):


foxhole_filename.cdb: Sanesecurity.Foxhole.Zip_docjsnum511
phish.ndb: Sanesecurity.Malware.25884.JsHeur
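
The attachment above is a zip whose member name ends in `.doc.js`, a document-looking name with a script extension. The check below is an added example, not Sanesecurity's signature logic: it flags that naming pattern in zip attachments, and the extension lists, function names and sample zip are assumptions constructed for illustration.

```python
import io
import zipfile

# Assumed lists for this example; tune them to your own gateway policy.
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf", "txt", "jpg"}
SCRIPT_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta"}


def suspicious_members(zip_bytes):
    """Return zip member names whose last two extensions are
    <decoy document type>.<script type>, e.g. 'name.doc.js'."""
    hits = []
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            names = zf.namelist()
    except zipfile.BadZipFile:
        return hits  # not a readable zip; leave it to other checks
    for name in names:
        # Look only at the file name, ignoring any directory part.
        base = name.replace("\\", "/").rsplit("/", 1)[-1]
        # Windows drops trailing dots and spaces, so normalise them away.
        parts = base.rstrip(". ").lower().split(".")
        if (len(parts) >= 3
                and parts[-1] in SCRIPT_EXTS
                and parts[-2] in DECOY_EXTS):
            hits.append(name)
    return hits


def build_sample(member_name):
    """Build an in-memory zip with one harmless text member (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "placeholder content, not a real sample")
    return buf.getvalue()


if __name__ == "__main__":
    for name in ("document-00289305.doc.js", "report.v2.doc", "jquery.min.js"):
        print(name, "->", suspicious_members(build_sample(name)))
```

Ordinary script files such as `jquery.min.js` are not flagged, because only a decoy document extension directly before the script extension counts as a hit.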

Important notes:


It's also worth remembering that the company itself may not have any knowledge of this faked email, and any link(s) or attachment in the email normally won't have come from their servers or IT systems but from an external botnet.

These botnet emails normally have faked email headers/addresses.

It's not advised to ring/email the company themselves, as there won't really be anything they can do to help you or to stop the emails being spread.



Cheers,
Steve
