Product Requirements Inquiry Malware

21st July 2017 | By admin

Comodo threat research labs

[19 July 2017] – [Product Requirements Inquiry Malware] – SUBJECT : [#52674523 REQUIREMENTS FOR PRODUCTS]

Comodo Threat Research Labs (CTRL) identified a new phishing email, that contains a malware file, and spread to email user with subject “#52674523 REQUIREMENTS FOR PRODUCTS”.

ASSOCIATED FILES:

ZIP archive of the malware: [19 July 2017] – [PRODUCT REQUIREMENTS INQUIRY MALWARE] – 3.03 MB (3,178,496 bytes)

3152-1500381921-136063.eml 1.84 MB (1,937,408 bytes)
fgox.iea 111 MB (117,198,848 bytes)
ltbdm.smn 524 KB (536,576 bytes)
qdmlhj.exe 920 KB (942,080 bytes)

THE EMAIL:

EMAIL DATA:

Date: Mon, 17 Jul 2017 17:29:52 -0700
From: siewying@hexacon.com.sg
Subject: #52674523 REQUIREMENTS FOR PRODUCTS
In-Reply-To: <9d227cd9f889c9f97a07e75077cb1f89@hexacon.com.sg>
References: <c29d7ad128f9ad66eeae7fa886395c84@hexacon.com.sg>
<81c6127daaaf0678c8d0997be9cca2b1@hexacon.com.sg>
<9d227cd9f889c9f97a07e75077cb1f89@hexacon.com.sg>
Message-ID: <0b8fa571d9364cdaaa3d991627716620@hexacon.com.sg>
X-Sender: siewying@hexacon.com.sg

THE ATTACHMENT:

attachment

DROPPED FILE:

dropped file

EXTRACTED FILE DETAILS FOR :

extracted file

File Name : fgox.rar 372 KB (380,928 bytes)

MD5 :2a33da43cad71d086e9d42d5dc519fb0

SHA1 :c561e1430860041d388b6ded4cf02a45cdf4cdd8

SHA256 :14ee5f6f6a6925838d410d0cfb83b14127ea59ec2c45d5ef8608c7e042955c71

File Name : ltbdm.rar 524 KB (536,576 bytes)

MD5 :c24f6365258ac3cc4eb98b2b014633e6

SHA1 :b1db1af51d290763e487a42528d566f647b10360

SHA256 :23c140a976d23ff097f7c075e92439ec5872b94141b1d9fd39cc0b052ebc5aa5

File Name : qdmlhj.rar 424.1 KB ( 434272 bytes )

MD5 :dc20c6e64e7e97178660a119f5391d50

SHA1 :f261aefcdbfc2fe8323252fe42fbbc12f5ac1f0e

SHA256 :916fb2c1f223900327d0cefa3183fb68944b47acb09d2aadf165cb6947982754

TRAFFIC:

traffic

ASSOCIATED URLS:

239 188.858927 10.108.55.58 96.6.66.30 HTTP 125 GET / HTTP/1.1
243 188.948619 10.108.55.58 96.6.66.30 HTTP 125 [TCP Spurious Retransmission] GET / HTTP/1.1

FINAL NOTES:

Once again, here are the associated files:

ASSOCIATED FILES:

ZIP archive of the malware: [19 July 2017] – [PRODUCT REQUIREMENTS INQUIRY MALWARE] – 3.03 MB (3,178,496 bytes)

3152-1500381921-136063.eml 1.84 MB (1,937,408 bytes)
fgox.iea 111 MB (117,198,848 bytes)
ltbdm.smn 524 KB (536,576 bytes)
qdmlhj.exe 920 KB (942,080 bytes)