Description
Cisco Security Intelligence Operations has detected significant activity related to German-language spam e-mail messages that claim to contain contract information for the recipient. The text in the e-mail message attempts to persuade the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5131) may contain the following files:
wichtige_information_2013.zip
wichtige_information_2013_D7F68HUYF76D8F7YDFT56D787FY6T5D7F89GY7T6D56F578DFGTFRD567YUBVTCED45678IUNBYVTRE4567YUYBVTRC4ED567YUHTR4ED5678U76T5R4E3D5F6GYHUJYHGT65R4EDRFTGYHUJYHT65R4ERFTGY_info_2012.exe
The wichtige_information_2013_D7F68HUYF76D8F7YDFT56D787FY6T5D7F89GY7T6D56F578DFGTFRD567YUBVTCED45678IUNBYVTRE4567YUYBVTRC4ED567YUHTR4ED5678U76T5R4E3D5F6GYHUJYHGT65R4EDRFTGYHUJYHT65R4ERFTGY_info_2012.exe file in the wichtige_information_2013.zip attachment has a file size of 668,672 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xFD10D0BE378E8258E68F59CCD7D18F4F
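A mail gateway or triage script can check a .zip attachment against the indicators above. The following is an added example, not Cisco's code: the function name, the prefix/suffix name match and the executable suffix list are assumptions made for the illustration, while the MD5 and file size are the values quoted in this alert.

```python
import hashlib
import io
import zipfile

# Indicators quoted from the alert text (MD5 written without the 0x prefix).
ALERT_MD5 = "fd10d0be378e8258e68f59ccd7d18f4f"
ALERT_SIZE = 668_672
# Assumption for this example: match the name's prefix and suffix, not the full string.
NAME_PREFIX, NAME_SUFFIX = "wichtige_information_2013_", "_info_2012.exe"
EXE_SUFFIXES = (".exe", ".scr", ".pif", ".com")  # assumption: example suffix list


def inspect_zip(zip_bytes, md5=ALERT_MD5, size=ALERT_SIZE):
    """Return {member_name: [reasons]} for suspicious members of a .zip attachment."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return {"<archive>": ["not a readable zip"]}
    findings = {}
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower().rsplit("/", 1)[-1]  # ignore folder part
            reasons = []
            if name.endswith(EXE_SUFFIXES):
                reasons.append("executable in archive")
            if name.startswith(NAME_PREFIX) and name.endswith(NAME_SUFFIX):
                reasons.append("name matches alert")
            if info.flag_bits & 0x1:
                reasons.append("encrypted member, not hashed")
            elif info.file_size == size:
                # Hash only when the declared size matches, and read at most one
                # byte past it so an oversized member cannot exhaust memory.
                try:
                    with archive.open(info) as member:
                        data = member.read(size + 1)
                except (zipfile.BadZipFile, NotImplementedError):
                    data = b""  # corrupt or unsupported compression: no hash verdict
                if len(data) == size and hashlib.md5(data, usedforsecurity=False).hexdigest() == md5.lower():
                    reasons.append("MD5 matches alert")
            if reasons:
                findings[info.filename] = reasons
    return findings
```

Call `inspect_zip()` with the raw bytes of the attachment; an empty dictionary means no member matched any of the checks.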
The following text is a sample of the e-mail message that is associated with this threat outbreak:
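Subject: Unterlagen
Message Body:
Sehr geehrte Damen und Herren,
anbei finden Sie Unterlagen zu Ihrem Vertrag.Bitte überprüfen Sie die Angaben.Der Widerrufsrecht beträgt 14 Tage nach Erhalt der Unterlagen.
Vielen Dank im Voraus
MfG
Herr Heines
English translation of the sample:
Subject: Documents
Message Body:
Dear Sir or Madam,
enclosed you will find documents concerning your contract. Please check the details. The right of withdrawal is 14 days after receipt of the documents.
Thank you in advance
Kind regards
Mr. Heines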
Source: Cisco