Wednesday, 1 April 2015

New Fax Message id no-replay@fax.co.uk

New Fax Message id no-replay@fax.co.uk email with a zip attachment...

Headers:

From: FAX 
Subject: New Fax

Message body:
Message id: snwjrP_769035.
Sent date: Wed, 01 Apr 2015 10:21:45 +0100.

There's a Zip file attached to the email:
snwjrP_769035.zip

Inside the Zip file is a Windows Executable file:
Reference.exe
Sha256 Hashes:
8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9 [1]

Malware Anti-Virus Reports:
VirusTotal Report [1] (hits 2/57 Virus Scanners) (Upatre)
Malwr Report [1]
Hybrid Analysis Report [1]

The malware in the zip is a trojan downloader largely referred to as Upatre.

This downloader will then probably download its partner in crime, Dyre.

Dyre is a Zeus-like banking Trojan that tries to capture as much information about your online banking details as possible.

It's also used to send the same malware on to everyone else, using your own copy of Outlook and your bandwidth.


Cheers,
Steve
Sanesecurity.com
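
A mail-filter style check for the attachment pattern described in this post (a zip whose only payload is a Windows executable), as an added example that is not part of the original post or Sanesecurity's own tooling. The function names, the extension list and the size limit are assumptions; the only value taken from the post is the SHA-256 of Reference.exe.

```python
import hashlib
import io
import zipfile

# SHA-256 of Reference.exe as published in the post above.
KNOWN_BAD_SHA256 = {"8588df376e110cc493c03db784c750c2210d7f83c8afe08fff96659c37f2a6b9"}
EXECUTABLE_SUFFIXES = (".exe", ".scr", ".pif", ".com")  # assumed list, extend as needed
MAX_MEMBER_BYTES = 20 * 1024 * 1024  # assumed limit: do not unpack oversized members


def triage_zip_attachment(zip_bytes, known_bad=KNOWN_BAD_SHA256):
    """Return one finding dict per suspicious member of a zip attachment."""
    def finding(name, reason, sha256=None):
        return {"name": name, "reason": reason, "sha256": sha256}

    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return [finding(None, "unreadable-zip")]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                findings.append(finding(info.filename, "encrypted"))
                continue
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append(finding(info.filename, "too-large"))
                continue
            data = archive.read(info)
            digest = hashlib.sha256(data).hexdigest()
            reasons = []
            if data[:2] == b"MZ":  # DOS/PE header, whatever the file is called
                reasons.append("pe-header")
            if info.filename.lower().endswith(EXECUTABLE_SUFFIXES):
                reasons.append("executable-extension")
            if digest in known_bad:
                reasons.append("known-bad-hash")
            if reasons:
                findings.append(finding(info.filename, ",".join(reasons), digest))
    return findings


def build_sample_zip(members):
    """Build an in-memory zip from {name: bytes}, for constructed test input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

Checking the `MZ` header as well as the file name catches an executable that has been renamed inside the archive; the hash match only helps for this exact sample, since each spam run tends to carry a new binary.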

4 comments:

Anonymous said...

Thank you, just got an email like that.

Anonymous said...

Thanks, I looked here before opening, am now deleting!

Anonymous said...

What do we do if someone opened the zip file?

juff said...

I'm a techie at fax.co.uk.
Yesterday there was some kind of spam attack with a malicious payload - we received over 3 Million of them on our servers.
The attack did not originate from us.