
Thursday, 22 January 2015

Yet more MyFax malware spam

There's another batch of "MyFax" spam going around at the moment, for example:

From:    MyFax [no-replay@my-fax.com]
Date:    22 January 2015 at 15:08
Subject:    Fax #4356342

Fax message

Sent date: Thu, 22 Jan 2015 15:08:30 +0000

Clicking the link leads to a page like this:

The download link leads to an EXE-in-ZIP file which is a little different every time [1] [2] [3] [virustotal]. Detection rates are around 6/55.
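
Because each archive is a little different, a hash blocklist misses new copies, so a mail or web gateway does better to inspect what the ZIP contains. The sketch below is an added example, not code from the original post; the function names, the extension list and the constructed sample archive are assumptions for illustration.

```python
import hashlib
import io
import struct
import zipfile

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed extension list

def is_pe(head: bytes) -> bool:
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(head) < 0x40 or head[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
    return head[e_lfanew:e_lfanew + 4] == b"PE\0\0"

def scan_zip(blob: bytes):
    """Return [(member, reason)] for members that look executable."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(blob))
    except zipfile.BadZipFile:
        return [("<archive>", "not a valid ZIP")]
    findings = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            if info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                findings.append((info.filename, "encrypted member"))
                continue
            with zf.open(info) as fh:
                head = fh.read(4096)  # the header is enough, no full extraction
            if is_pe(head):
                findings.append((info.filename, "PE header"))
            elif info.filename.lower().endswith(EXEC_EXTS):
                findings.append((info.filename, "executable extension"))
    return findings

def make_sample(padding: bytes) -> bytes:
    """Constructed, harmless sample: a ZIP whose member only carries PE magic."""
    stub = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40) + b"PE\0\0" + padding
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("fax_message.exe", stub)  # constructed member name
    return buf.getvalue()

if __name__ == "__main__":
    # Two archives with different padding: different hashes, same verdict.
    for pad in (b"A" * 16, b"B" * 16):
        blob = make_sample(pad)
        print(hashlib.sha256(blob).hexdigest(), scan_zip(blob))
```

The two constructed archives hash differently but both are flagged on content, which is the property a hash list lacks against samples that change on every download.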

The Malwr report shows communication with the following URLs:

Of these is the essential one to block traffic to, belonging to Excell Media Pvt Ltd in India. A file axybT95.exe is also dropped according to the report, which has a detection rate of 7/48.

I haven't seen a huge number of these; the format of the URLs looks something like this:

1 comment:

theHERB said...

More files associated with risk:


Hash for both: 97ab139588ee98d140143f606115165e