Thursday, 16 April 2015

user fax "please fax" with zip attachment

user fax "please fax" with zip attachment... with a link to download a zip file...

Headers:
From: user {random email}
Subject: Fax {random}
Message body:
Please fax.
From: {random domain}
To: {random address}
ID: {random}
Type: ZIP
Attached to the email is a Zip file (note: the filename is random):
zHdO1d058.zip
Inside the Zip file is a Windows Executable file:
Day.exe or Fax.exe or Fax_msg.exe or Ms.exe
SHA256 hashes:
71dbed1dd1a6f7902159eb96a632c0e9bb7256fd074366fcadda5df557da8d32   [1]
c5ab9edebc06eea96dc756addbcdbd9f081174a741961162e9cc9ac35842173f   [2]
5fe20846526dbde271f998ea335b248bed4eefc99647c4a6350fd8456737004f  [3]
e53018af064cc172c893aba5825d6a6888c75204ba53e6c4786e85341f71b3a5  [4]

Malware Anti-Virus Reports:
VirusTotal Report: [1] (hits 2/57 Virus Scanners)
Malwr Report: [1]
Hybrid Analysis Report: [1]
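
A triage check for the traits listed in this post (subject "Fax {random}", body "Please fax.", a Zip attachment holding a Windows executable), added here as an example and not part of the original post or of Sanesecurity's signatures. The names `triage` and `build_sample`, the addresses and `sample.zip` are constructed for illustration; `known_sha256` is a caller-supplied set, for instance the SHA256 values listed above.

```python
import email
import hashlib
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Traits described in the post; the attachment name is random, so it is not matched.
SUBJECT_RE = re.compile(r"^Fax\b", re.IGNORECASE)
BODY_MARKER = "please fax"

def triage(raw: bytes, known_sha256=frozenset()):
    """Return findings for one raw message: header/body match, exe members, hash hits."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    out = {"subject_match": bool(SUBJECT_RE.match(str(msg.get("Subject", "")))),
           "body_match": BODY_MARKER in text.lower(),
           "exe_members": [], "hash_hits": [], "unreadable_zip": False}
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):  # sniff content, ignore name/MIME type
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    blob = zf.read(info)
                    if info.filename.lower().endswith(".exe") or blob[:2] == b"MZ":
                        digest = hashlib.sha256(blob).hexdigest()
                        out["exe_members"].append((part.get_filename(), info.filename, digest))
                        if digest in known_sha256:
                            out["hash_hits"].append(digest)
        except (RuntimeError, zipfile.BadZipFile):  # password-protected or corrupt archive
            out["unreadable_zip"] = True
    out["suspicious"] = bool(out["exe_members"]) and (
        out["subject_match"] or out["body_match"])
    return out

def build_sample() -> bytes:
    """Constructed test message: harmless bytes under an .exe name inside a Zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Fax_msg.exe", b"MZ constructed placeholder, not a real binary")
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "user@example.com", "rcpt@example.org", "Fax 12345"
    m.set_content("Please fax.\nType: ZIP\n")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="sample.zip")
    return m.as_bytes()
```

With only 2 of 57 scanners detecting the sample at the time of the VirusTotal report, the structural check (executable inside a Zip attachment) is what catches new variants; the hash comparison only confirms samples already known.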

Cheers,
Steve
Sanesecurity.com
