FYI...
Fake 'EFax' SPAM - delivers Trickbot banking Trojan
- https://myonlinesecurity.co.uk/trick...email-address/
15 Nov 2016 - "An email pretending to be an EFax delivery message with the subject of 'You have recevied a message' pretending to come from Fax Scanner <scanner@ victim domain .tld> with a malicious Word doc delivers the latest Trickbot banking Trojan...
Screenshot: https://i1.wp.com/myonlinesecurity.c...24%2C373&ssl=1
15 November 2016: Message efax system-1332.doc - Current VirusTotal detections 4/54*
Payload Security shows a download from ‘http :// www .tessaban .com/admin/images/ldjslfjsnot.png’ which is renamed by the macro script to wer5.exe and autorun (Payload Security **) (VirusTotal 9/56***)
tessaban .com 61.19.247.54 has been used for malware spreading for some time now and really needs blocking
[1] [2] [3] [4]... DO NOT follow the advice they give to enable macros or enable editing to see the content...
The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/e...is/1479191384/
** https://www.hybrid-analysis.com/samp...ironmentId=100
Contacted Hosts
78.47.139.102
193.107.111.164
81.177.13.236
185.86.77.224
*** https://www.virustotal.com/en/file/0...is/1479185920/
[1] https://virustotal.com/en/url/d517f6...is/1479194525/
[2] http://95.34.115.158/report.php?id=1478197500549
IP: 61.19.247.54
[3] https://virustotal.com/en/url/3e835d...is/1479194687/
[4] http://95.34.115.158/report.php?id=1479194667714
IP: 61.19.247.54
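
Added example, not part of the quoted report: the payload above is fetched from a URL ending in .png and only later renamed to an .exe, so a proxy or mail-gateway check that compares the URL's extension with the first bytes of the response body will catch it. The host name, function names and sample bytes below are constructed for illustration.

```python
import struct
from urllib.parse import urlparse

IMAGE_EXTS = {".png", ".jpg", ".jpeg", ".gif", ".bmp"}
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew field points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # An out-of-range offset yields an empty slice, which simply fails the compare.
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def url_extension(url: str) -> str:
    """Lower-cased extension of the URL path (query string ignored), or ''."""
    path = urlparse(url).path.lower()
    dot = path.rfind(".")
    return path[dot:] if dot > path.rfind("/") else ""

def classify(url: str, body: bytes) -> str:
    """Compare what the URL claims to be with what the body actually is."""
    ext = url_extension(url)
    if ext not in IMAGE_EXTS:
        return "not-image-url"
    if is_pe(body):
        return "alert-pe-as-image"      # executable served under an image name
    if ext == ".png" and not body.startswith(PNG_MAGIC):
        return "suspicious-not-png"     # not a PE, but not a PNG either
    return "ok"

def build_sample_pe() -> bytes:
    """Constructed header only: 64-byte DOS stub with e_lfanew=0x40, then 'PE\\0\\0'."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    return bytes(dos) + b"PE\x00\x00" + b"\x00" * 20

if __name__ == "__main__":
    url = "http://files.example.test/admin/images/sample.png"  # constructed URL
    for label, body in [("pe", build_sample_pe()),
                        ("png", PNG_MAGIC + b"\x00" * 16),
                        ("html", b"<html>404</html>")]:
        print(label, classify(url, body))
```
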