Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an order and transfer slip notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5555) may contain any of the following files:
Order and Transfer slip.zip
Wire Tranfer.exe
The Wire Tranfer.exe file in the Order and Transfer slip.zip attachment has a file size of 193,122 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xCC99E4EE284E19CF70D5C29310482EB7
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Re: order and transfer slip
Message Body:
We have attached our orders, product samples and transfer slip of $14,780 to this email. Please check the attachment and get back to us .Best Regards,
Admin Office.
Source: Cisco