From: Australian Taxation Office [noreply@ato.gov.au]
Date: 19 May 2015 at 12:48
Subject: eFax message - 2 page(s)
Fax Message [Caller-ID: 408-342-0521]
You have received a 2 pages fax at 2015-05-19 08:18:16 AM EST.
* The reference number for this fax is min2_did16-0884196800-3877504043-49.
View this fax using your PDF reader.
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Predictably, the link leads to a malicious download (this time at storage-ec2-24.sharefile.com) named Fax_00491175.zip and containing in turn a malicious executable Fax_00491175.scr.
This executable has a detection rate of 5/57. Automated analysis tools [1] [2] [3] show that it downloads a further component from:
http://employmentrisk.com/images/1405uk77.exe
In turn, this has a detection rate of 4/57 and the Hybrid Analysis report indicates that it tries to communicate with 194.28.190.183 (AgaNet Agata Goleniewska, Poland).
Recommended blocklist:
employmentrisk.com
194.28.190.183
MD5s:
a6aa82995f4cb2bd29cdddedd3572461
b3b483c10d4f7eacd7cfa42f604968f8
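An added example, not part of the original post: a gateway-side check that flags a ZIP download or attachment whose members are directly executable on Windows, as with the .scr inside the archive described above. The extension list and function names are assumptions, and the sample archive is constructed with placeholder bytes.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed policy list: extensions Windows runs directly.
# A .scr (screensaver) file is an ordinary PE executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def risky_members(zip_bytes):
    """Return names of archive members whose final extension is executable."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Normalise separators; Windows ignores trailing dots and spaces.
            name = info.filename.replace("\\", "/").rstrip(" .")
            # Only the last suffix decides: "scan.pdf.scr" still runs as .scr.
            if PurePosixPath(name).suffix.lower() in EXECUTABLE_EXTS:
                flagged.append(info.filename)
    return flagged


def should_quarantine(zip_bytes):
    """Quarantine archives holding executables, and ones that cannot be parsed."""
    try:
        return bool(risky_members(zip_bytes))
    except zipfile.BadZipFile:
        return True  # fail closed on malformed archives


def build_sample(names):
    """Build a constructed test archive with harmless placeholder content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name in names:
            archive.writestr(name, b"placeholder, not a real executable")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample(["Fax_00491175.scr"])  # member name from the post
    print(risky_members(sample), should_quarantine(sample))
```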