Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a money transfer notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the transfer details. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5256) may contain any of the following files:
ACH_Batch0702197.zip
ACH_Batch.exe
The ACH_Batch.exe file in the ACH_Batch0702197.zip attachment has an approximate file size of 132,096 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xF428D7302603093F45A45671F79C87D6
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Fw: ACH Batch Download Notification - Batch ID#: 0702197
Message Body:
ACH Batch Download Notification - Batch ID#: 0702197
Source: Cisco