Fake email “Fax to” contains trojan

MX Lab, http://www.mxlab.eu, started to intercept a new trojan distribution campaign by email with the subject “Fax to”.

This email is send from a spoofed address and has the following body:

Fax Massege:
Fax ID: 1500566473
User ID: 429286424

The attached file fax-1500566473_429286424.zip contains the 148 kB large file Document_invoice.exe.

The trojan is known as Downloader-FAVN!A43A201F788E, Trj/Genetic.gen, PE:Malware.Obscure!1.9C59 or Win32.Trojan.Fakedoc.Auto.

At the time of writing, 4 the 57 AV engines did detect the trojan at Virus Total.

Use the Virus Total or Malwr for more detailed information.
SHA256: ee8aa66263e0c8249903efd4ed467b4666a0e8c7347a52826f786da91d1f247b

One thought on “Fake email “Fax to” contains trojan

Comments are closed.