Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a copy of a money transfer receipt for the recipient. The e-mail message instructs the recipient to open the .zip attachment to view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5074) may contain any of the following files:
TT COPY.zip
TT COPY.exe
The TT COPY.exe file in the TT COPY.zip attachment has a file size of 444,955 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x3E346DE1E4B940D0F4F285B8420EAF82
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Re: Swift copy of the advance payment
Message Body:
Hello,
Please find 30% down payment. Will send balance after receiving BL
Best regards,
Mr.Ding Qing,
Shanghai HESN Import & Export Co., Ltd
Source: Cisco