Description
Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain a bank deposit notification for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the details. However, the .zip attachment contains a malicious .cpl file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5322) may contain any of the following files:
Comprovante do Deposito.zip
Comprovante do Deposito.cpl
The Comprovante do Deposito.cpl file in the Comprovante do Deposito.zip attachment has a file size of 299,264 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0x68E0B301C2DA2AE21C806DDD2BE9F526
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: Fiz o Deposito na sua conta, confere o anexo.
Message Body:
Fui no banco hoje e fiz o deposito na sua conta, por favor confere o recibo no anexo..
Comprovante
Source: Cisco