Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a report related to a bank account for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the invoice. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5317) may contain the following files:
FraudReport_acoounid_43753985724.zip
FraudReport_acoounid_43753985724.exe
The FraudReport_acoounid_43753985724.exe file in the FraudReport_acoounid_43753985724.zip attachment has a file size of 50,688 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x2A81CB1A278F6997F0A3E95F1C877167
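A mail-gateway style check for the pattern described above, given as an added example that is not part of the Cisco alert: it walks a raw message, opens each .zip attachment in memory, flags executable members and compares their MD5 with the checksum quoted in the alert. The names scan_message and build_sample, the suffix list and the size limit are assumptions, and the sample message is constructed from harmless bytes.

```python
import email
import hashlib
import io
import zipfile
from email.message import EmailMessage

# MD5 quoted in the alert (lower-cased, "0x" prefix dropped).
ADVISORY_MD5 = "2a81cb1a278f6997f0a3e95f1c877167"
EXEC_SUFFIXES = (".exe", ".scr", ".com", ".pif")  # assumption, not from the alert
MAX_MEMBER = 20 * 1024 * 1024  # assumption: never unpack members larger than this


def scan_message(raw, known_md5=(ADVISORY_MD5,)):
    """Report executables found inside .zip attachments of one raw message."""
    findings = []
    for part in email.message_from_bytes(raw).walk():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True) or b""))
        except zipfile.BadZipFile:
            findings.append({"attachment": name, "member": None, "verdict": "unreadable-zip"})
            continue
        for info in archive.infolist():
            if not info.filename.lower().endswith(EXEC_SUFFIXES):
                continue
            hit = {"attachment": name, "member": info.filename,
                   "size": info.file_size, "md5": None, "verdict": "executable-in-zip"}
            # Hash only unencrypted members of sane size; nothing is written to disk or run.
            if not (info.flag_bits & 0x1) and info.file_size <= MAX_MEMBER:
                hit["md5"] = hashlib.md5(archive.read(info)).hexdigest()
                if hit["md5"] in known_md5:
                    hit["verdict"] = "known-sample"
            findings.append(hit)
    return findings


def build_sample(member="FraudReport_sample.exe", body=b"MZ constructed placeholder"):
    """Constructed test message: harmless bytes zipped and attached."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(member, body)
    msg = EmailMessage()
    msg["Subject"] = "NW3C report"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="FraudReport_sample.zip")
    return msg.as_bytes()
```

An executable inside a .zip attachment is reported even when its hash is unknown, since a repacked sample will carry a different MD5 than the one in the alert.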
The following text is a sample of the e-mail message that is associated with this threat outbreak:
Subject: NW3C report
Message Body:
Dear business account owner,
You've become a victim of fraud.
Your corporate banking account has been hacked.
All your money has been temporarily frozen and the access to the account has been blocked.
In order to get your money back you should give us the information about your latest transactions. Please download and print attached document
Faithfully yours,
ICCC
Source: Cisco