Wednesday, 14 January 2015

INCOMING FAX REPORT malware

INCOMING FAX REPORT malware, delivered as an HTML email with an attached ZIP file.

Headers:
Date: Wed, 14 Jan 2015 09:42:22 +0800
From: "Incoming Fax" {no-reply@}
Subject: INCOMING FAX REPORT : Remote ID: 495-768-4745
Message body:

*********************************************************
INCOMING FAX REPORT
*********************************************************

Date/Time: Wed, 14 Jan 2015 09:42:22 +0800
Speed: 4801bps
Connection time: 02:06
Pages: 0
Resolution: Normal
Remote ID: 486-214-1247
Line number: 1
DTMF/DID:
Description: Internal Docs

Fax message attached in PDF format (Adobe Photoshop).

Attached to the email is a ZIP file:
FaxMessage69831_82741-84712.pdf.zip

On a Windows machine, inside the ZIP is a Windows executable (note the dual extension):
FaxMessage69831_82741-84712.pdf.scr

MD5 Hashes:
d54494741cfc549942c5e79a1213f200
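
A check for the dual-extension trick noted above, as an added example (not part of the original post): it lists ZIP members whose name ends in a document-style extension followed by a Windows-executable one, and returns each member's MD5 for comparison with a published hash. The extension lists and the sample archive are assumptions constructed here; the sample holds placeholder bytes, so its MD5 will not match the hash above.

```python
import hashlib
import io
import zipfile

# Extensions Windows will execute directly (assumed, non-exhaustive list).
EXECUTABLE_EXTS = {"scr", "exe", "com", "pif", "bat", "cmd", "js", "vbs"}
# Extensions a user reads as "just a document" (assumed, non-exhaustive list).
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def find_double_extensions(zip_bytes):
    """Return (member name, MD5 hex) for each member named like doc.ext.exe."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Only the final path component matters; Windows strips trailing
            # dots and spaces, so strip them before splitting on ".".
            base = info.filename.replace("\\", "/").rsplit("/", 1)[-1]
            parts = base.rstrip(". ").lower().split(".")
            if (len(parts) >= 3 and parts[-1] in EXECUTABLE_EXTS
                    and parts[-2] in DECOY_EXTS):
                digest = hashlib.md5(archive.read(info)).hexdigest()
                hits.append((info.filename, digest))
    return hits


def build_sample_zip():
    """Constructed sample: harmless placeholder bytes under the page's file name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("FaxMessage69831_82741-84712.pdf.scr", b"placeholder")
        archive.writestr("readme.pdf", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    for name, md5 in find_double_extensions(build_sample_zip()):
        print(f"suspicious member: {name} md5={md5}")
```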

Malware Information:

VirusTotal Report [1]
(hits 26/57 Virus Scanners)

Malwr Report [1]

Summary:






Cheers,

Steve
Sanesecurity.com
