Thursday, 29 January 2015

INTERNAL FAX You have received a new fax

An email with the subject "You have received a new fax", pretending to come from "INTERNAL FAX", is being spammed with a Zip file attached.


Message Header:


From: "INTERNAL FAX" {fax@bbc.co.uk}
Subject: You have received a new fax

You have received fax from EPSON91208382 at

Scan date: Thu, 29 Jan 2015 06:40:24 -0600

Number of page(s): 28

Resolution: 400x400 DPI

Name: fax167087861.pdf

_________________________________
Attached file is scanned image in PDF format

Attachment filename:

fax167045861_pdf.zip

Inside Zip file: Windows Executable (double extension)

fax167987861_pdf.scr
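
A mail gateway or triage script can flag this lure from the archive's member names alone, without unpacking anything. The Python below is an added example, not part of the original post; it generalizes from the .scr case to other executable extensions. The extension lists and function names are assumptions, and the sample archive is constructed and holds only placeholder text.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click (assumed list, extend as needed).
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-type token placed just before the real extension: "_pdf.scr", ".pdf.exe".
DOC_LURE = re.compile(r"[._\- ](pdf|doc|docx|xls|xlsx|jpg|png|txt)$", re.IGNORECASE)


def classify_member(name):
    """Return 'disguised', 'executable' or None for one archive member name."""
    # Keep only the file name; Windows ignores trailing dots and spaces.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    stem, dot, ext = base.rpartition(".")
    if not dot or "." + ext.lower() not in EXECUTABLE_EXTS:
        return None
    # Space padding before the real extension is stripped before matching.
    return "disguised" if DOC_LURE.search(stem.rstrip()) else "executable"


def scan_zip_attachment(data):
    """Map each flagged member of a ZIP attachment (bytes) to its classification."""
    findings = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():  # reads names only, nothing is extracted
                verdict = classify_member(info.filename)
                if verdict:
                    findings[info.filename] = verdict
    except zipfile.BadZipFile:
        findings["<archive>"] = "unreadable"
    return findings


def build_sample():
    """Constructed sample: harmless text stored under the member name from the post."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax167987861_pdf.scr", b"placeholder, not an executable")
        zf.writestr("readme.txt", b"benign")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip_attachment(build_sample()))
```
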

MD5 Hashes:
31ee9b03837f432faaa259cf0c15e94a    [1]

Malware information:

VirusTotal Report [1] (hits 1/57 Virus Scanners)

Malwr Report [1]

  • Performs some HTTP requests
  • The binary likely contains encrypted or compressed data.
  • Steals private information from local Internet browsers
  • Creates an Alternate Data Stream (ADS)
  • Installs itself for autorun at Windows startup

Hybrid-Analysis Report [1]

Cheers,
Steve
