Description
Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain a debt collection notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the link and view the details. However, the link contains a .zip file containing a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5353) may contain the following files:
2viaBoleto.zip
2viaBoleto.exe
The 2viaBoleto.exe file in the 2viaBoleto.zip archive has a file size of 695,808 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xE1E1440B1295A822CF94ABE2B7AEFA24
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: SUSPECT: boleto vencido mais de 10 dias
Message Body:
Informo que o boleto com vencimento em 29/01 no valor de R$1.048,00 não foi pago.
Estou enviando em anexo 2ª via do boleto atualizado para pagamento.
ATENÇÃO: Caso o mesmo não seja pago em até 5 dias ele será enviado a protesto.
Boleto: http://50.19.205.213/2viaBoleto.zip
Tenha um bom dia
Source: Cisco