New JavaScript malware: Fax transmission: -8947237532-1211276656-2016032127669-67373


MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the subject “Fax transmission: -8947237532-1211276656-2016032127669-67373”.

This email is sent from the spoofed address “FX Service [emailsend@w.e220.******.com]” and has the following body:

Please find attached to this email a facsimile transmission we
have just received on your behalf

(Do not reply to this email as any reply will not be read by
a real person)

The attached file F-8947237532-1211276656-2016032127669-67373.zip contains the 8 kB large file FQJ3272114302.js.

The malware is detected as HEUR.JS.Trojan.b, JS/Agent.EA!tr, Script.Trojan-Downloader.Agent.MO@gen or Js.Trojan.Raas.Auto by 5 of the 56 AV engines at VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: 51ea72cd6dae827ca7620123f3949f3049811565fc4018eb5c95e4a9e729607a

The payload is downloaded from:

hxxp://modaeli.com/89h766b.exe
hxxp://spormixariza.com/89h766b.exe
hxxp://sebastiansanni.org/wp-content/plugins/hello123/89h766b.exe
hxxp://cideac.mx/wp-content/plugins/hello123/89h766b.exe

The malware is detected by 0 of the 56 AV engines at VirusTotal.

Use VirusTotal or Malwr for more detailed information.
SHA256: 297d5386665269ba7bf6589ba52817e3ea124bed9d92aa62f21ec85402b03164
