Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a money transfer notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .rar attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5495) may contain any of the following files:
1362286667.rar
1362286667.exe
The 1362286667.exe file in the 1362286667.rar attachment has a file size of 1,148,364 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x3CFD5E491CF115190DEC3088A969AC9F
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: FW: USD TRANSFER
Message Body:
Tilottoma Group
Source: Cisco