Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an image file for the recipient. The text in the e-mail message attempts to convince the recipient to open the .zip attachment. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID4984 and RuleID4984KVR) may contain the following files:
IMG508726-JPG.zip
IMG508726-JPG.exe
The IMG508726-JPG.exe file in the IMG508726-JPG.zip attachment has a file size of 376,832 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x265C01F665CC300FB67FBEA15A98BD01
A variant of the IMG508726-JPG.exe file in the IMG508726-JPG.zip attachment has a file size of 376,832 bytes. The MD5 checksum is the following string: 0x5E113CBFDE085F772C8230F0ED3D29D4
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Message Body:
Check and reply (K)
Source: Cisco