Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a wire transfer notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the copy of the receipt. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5408) may contain the following files:
Receipt of payment _id8477290378424.zip
Receipt of payment _id8477290378424.exe
The Receipt of payment _id8477290378424.exe file in the Receipt of payment _id8477290378424.zip attachment has a file size of 46,592 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x2A80303692626E537DF2625154815E6E
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Transaction is completed
Message Body:
WIRE transaction is completed. $3862 has been successfully transferred.
If the transaction was made by mistake please contact our customer service.
Receipt of payment is attached.
*** This is an automatically generated email, please do not reply ***
Source: Cisco