RapidFax Alert with attached ZIP file contains trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subjects:

Inbound Fax
RapidFAX: Inbound Fax
RapidFax: New Inbound Fax

The email is sent from the spoofed address “RapidFax Alert” and has the following body:

The attached ZIP file has the name rapidfax-E4C935577EDD.zip and contains the 117 kB file RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe.

The trojan is known as UDS:DangerousObject.Multi.Generic or Trojan.Lameshield.

At the time of writing, only 2 of the 46 AV engines detected the trojan at Virus Total.

Virus Total permalink and SHA256: 67e706acd75e84d5ed4590baf15161281dce174a897512f2216e2330353e7001.
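A gateway-side check for the attachment pattern described above (a ZIP whose member name ends in `.pdf.exe`), as an added example that is not part of the original post. The extension lists, size cap and function names are assumptions, the sample archive is constructed with placeholder bytes, and the check generalizes from `.pdf.exe` to other decoy-plus-executable pairs.

```python
import hashlib
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for this example; tune them to local mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
MAX_HASH_SIZE = 20 * 1024 * 1024  # skip hashing members declared larger than this
PLACEHOLDER = b"constructed placeholder bytes, not a real executable"


def scan_zip_attachment(data: bytes) -> list:
    """Flag ZIP members whose name ends in <decoy ext><executable ext>."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [{"name": None, "reason": "not a valid ZIP", "sha256": None}]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Trailing dots/spaces are dropped by Windows, so ignore them here too.
            name = info.filename.replace("\\", "/").rstrip(". ")
            suffixes = [s.strip().lower() for s in PurePosixPath(name).suffixes]
            if len(suffixes) < 2 or suffixes[-1] not in EXECUTABLE_EXTS:
                continue
            if suffixes[-2] not in DECOY_EXTS:
                continue
            encrypted = bool(info.flag_bits & 0x1)  # cannot hash without a password
            digest = None
            if not encrypted and info.file_size <= MAX_HASH_SIZE:
                digest = hashlib.sha256(archive.read(info)).hexdigest()
            findings.append({"name": PurePosixPath(name).name,
                             "reason": "double extension " + "".join(suffixes[-2:]),
                             "sha256": digest})
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample mirroring the attachment layout described above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", b"benign member")
        zf.writestr("RapidFAX_MCID_000_LOTS_OF_NUMBERS__13341.pdf.exe", PLACEHOLDER)
    return buf.getvalue()


if __name__ == "__main__":
    for finding in scan_zip_attachment(build_sample_zip()):
        print(finding)
```

The returned SHA256 of each flagged member can be used for a reputation lookup before the message is released or quarantined.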

4 thoughts on “RapidFax Alert with attached ZIP file contains trojan”

  1. I just received one of these emails today and the sender address was RapidFAX Notifications . The attachment did not come through even though it looks like it has one in my inbox.
