Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an invoice payment notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5437) may contain any of the following files:
slip1.zip
slip1.exe
The slip1.exe file in the slip1.zip attachment has a file size of 247,296 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x2B3313D5ACC12726DA8FE567FBB21EB2
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Re: Payment For Invoice
Message Body:
Hello,
I am sending this email in regards to the Invoice of your client through our bank. Please find the attached payment slip.
Regards,
Mr Wembly George.
Source: Cisco