Description
Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain a debt collection notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5440) may contain any of the following files:
Boletoap13.zip
Boletoap13.exe
The Boletoap13.exe file in the Boletoap13.zip attachment has a file size of 65,536 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x235F8DFD89FB2D8B2D6F5247FC3DB825
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: 19:43:48-Problemas na confirmação
Message Body:
Prezado(a) Cliente,
Não indentificamos o Pagamento do Boleto - 008291/2013.
Kelen Santos
Departamento de Cobranças
Obs.: Clique no arquivo em anexo para visualizar Boleto.
Source: Cisco