French Commercial Proposal Malware

29th June 2017 | By admin

Comodo Threat Research

[28 June 2017] – [French Commercial proposal Malware] – SUBJECT : [Dossier M978885982A -]

Comodo Threat Research Labs (CTRL) identified a new phishing email that carries a malicious attachment and is being sent to email users with the subject “Dossier M978885982A -”.

ASSOCIATED FILES:

ZIP archive of the malware: [28 June 2017] – [FRENCH COMMERCIAL PROPOSAL MALWARE] – 1.35 MB (1,421,312 bytes)

  • 6926fb5d-ee42-443e-867a-af480c01f96b.eml 16.0 KB (16,384 bytes)
  • FACTURE_0413.wsf 20.0 KB (20,480 bytes)
  • BXAPatevRMe10.exe 396 KB (405,504 bytes)
  • BXAPatevRMe10 396 KB (405,504 bytes)

THE EMAIL:

EMAIL DATA:

  • from: EVRARD@maif.fr
  • Message-ID: <2103262009.428.1029142375933.JavaMail.admatc@slapp714>
  • Subject: Dossier M978885982A –
  • MIME-Version: 1.0
  • Date: Tue, 27 Jun 2017 19:42:42 +0600
  • Content-Type: multipart/mixed;

THE ATTACHMENT: 

[screenshot of the attachment details, image not reproduced]

DROPPED FILE:

[screenshot of the dropped file, image not reproduced]

EXTRACTED FILE DETAILS FOR BXAPatevRMe10.EXE:


File Name: BXAPatevRMe10.exe 396 KB (405,504 bytes)
MD5: 745d9e02af75fcfba39dd20ed9f8d806
SHA1: 851736d63efff15ef670433de8340e35d2a64767
SHA256: edf609ac4f18c0340570170fbc7a6d27505fdb79add69d5916038a36bfa4bbf4

File Name: BXAPatevRMe10 396 KB (405,504 bytes)
MD5: 51c3a67bc5045ce6dde016cdffbfd158
SHA1: 53322f619c4d9b71ee080fa2ae2dd8e86f7c817e
SHA256: bff8f75d4984bfc5c3077e2321858a4ab9925b767ad4239af35e84072e37dc4a
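The email headers and file hashes above are the indicators a mail gateway or analyst would check first. The following Python script is an added example, not code from the original report or from Comodo: it builds a stand-in .eml with the headers listed above (the body text and the attachment bytes are constructed placeholders, since the real FACTURE_0413.wsf is not reproduced here), parses it with the standard library, flags script-host attachments, and hashes every attachment against the published hashes for BXAPatevRMe10.exe. Point triage_eml at the real 6926fb5d-ee42-443e-867a-af480c01f96b.eml to get the same report for the actual message.

```python
import email
import hashlib
from email import policy
from email.message import EmailMessage

# Hashes the report publishes for the dropped executable BXAPatevRMe10.exe.
REPORT_HASHES = {
    "md5": "745d9e02af75fcfba39dd20ed9f8d806",
    "sha1": "851736d63efff15ef670433de8340e35d2a64767",
    "sha256": "edf609ac4f18c0340570170fbc7a6d27505fdb79add69d5916038a36bfa4bbf4",
}

# Windows Script Host and related script extensions that have no business
# arriving as an "invoice" (FACTURE) attachment.
SCRIPT_EXTENSIONS = (".wsf", ".js", ".jse", ".vbs", ".vbe", ".hta")

# Constructed placeholder standing in for the real FACTURE_0413.wsf (assumption:
# the real script is not reproduced in the report; this is an inert WSF skeleton).
SAMPLE_WSF = b'<job id="x"><script language="JScript">/* placeholder */</script></job>'


def build_sample_eml() -> bytes:
    """Construct a stand-in for 6926fb5d-ee42-443e-867a-af480c01f96b.eml.

    The headers are the ones listed in the report; the body text and the
    attachment bytes are made up for this example.
    """
    msg = EmailMessage()
    msg["From"] = "EVRARD@maif.fr"
    msg["Subject"] = "Dossier M978885982A -"
    msg["Date"] = "Tue, 27 Jun 2017 19:42:42 +0600"
    msg["Message-ID"] = "<2103262009.428.1029142375933.JavaMail.admatc@slapp714>"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(SAMPLE_WSF, maintype="application", subtype="octet-stream",
                       filename="FACTURE_0413.wsf")
    return msg.as_bytes()


def hashes(data: bytes) -> dict:
    """MD5/SHA1/SHA256 of a blob, in the same form the report lists them."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def triage_eml(raw: bytes, known_hashes: dict = REPORT_HASHES) -> dict:
    """Parse an .eml, record the headers the report lists, and hash every attachment."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    result = {
        "from": str(msg["From"]),
        "subject": str(msg["Subject"]),
        "date": str(msg["Date"]),
        "message_id": str(msg["Message-ID"]),
        "attachments": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        digests = hashes(data)
        result["attachments"].append({
            "filename": name,
            "size": len(data),
            "hashes": digests,
            # A script-host extension on an "invoice" is the first red flag.
            "script_host": name.lower().endswith(SCRIPT_EXTENSIONS),
            # Exact match against the published hashes, any algorithm.
            "known_bad": any(digests.get(algo) == value for algo, value in known_hashes.items()),
        })
    return result


if __name__ == "__main__":
    report = triage_eml(build_sample_eml())
    for key in ("from", "subject", "date", "message_id"):
        print(f"{key:>10}: {report[key]}")
    for att in report["attachments"]:
        print(f"attachment: {att['filename']} ({att['size']} bytes) "
              f"script_host={att['script_host']} known_bad={att['known_bad']}")
        for algo, value in att["hashes"].items():
            print(f"    {algo}: {value}")
```

The hash comparison only catches this exact sample; the extension check is what catches the next campaign that swaps the payload. Note also that the From header is whatever the sender put there and proves nothing about origin on its own.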

TRAFFIC:

[screenshot of the traffic capture, image not reproduced]

ASSOCIATED URLS (Wireshark packet list; columns are frame number, time, source, destination, protocol, frame length in bytes, and request; note that 404 in the last row is a frame length, not an HTTP status):

  • 169  65.989685  10.108.55.58  156.154.113.36  HTTP  311  GET /jYGUFye7??PUgDpi=zCNkhSAUxU HTTP/1.1
  • 180  66.642938  10.108.55.58  156.154.113.36  HTTP  325  GET /af/jYGUFye7?PUgDpi=zCNkhSAUxU HTTP/1.1
  • 207  73.562848  10.108.55.58  156.154.113.36  HTTP  320  GET /af/jYGUFye7?PUgDpi=zCNkhSAUxU HTTP/1.1
  • 218  74.776525  10.108.55.58  175.126.195.54  HTTP  404  GET /jYGUFye7??PUgDpi=zCNkhSAUxU HTTP/1.1
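The capture gives three network indicators: the two destination IPs, the URI paths /jYGUFye7 and /af/jYGUFye7, and the query parameter name PUgDpi that appears on every request. The Python below is an added example, not part of the original report, showing how to match those indicators against web proxy logs. The log lines are constructed for the example; the host name example.invalid is a placeholder because the report shows only request paths, not a Host header. The doubled "?" in the captured requests is handled explicitly, since urlsplit leaves the second "?" at the front of the query string.

```python
from urllib.parse import urlsplit

# Network indicators taken from the capture in the report.
IOC_DST_IPS = {"156.154.113.36", "175.126.195.54"}
IOC_PATHS = {"/jYGUFye7", "/af/jYGUFye7"}
IOC_QUERY_KEY = "PUgDpi"  # query parameter name present on every captured request

# Constructed proxy log lines (not from the report). Columns: timestamp, client IP,
# destination IP, method, URL, HTTP status. "example.invalid" is a placeholder host.
SAMPLE_LOG = """\
2017-06-28T10:15:01Z 10.108.55.58 156.154.113.36 GET http://example.invalid/jYGUFye7??PUgDpi=zCNkhSAUxU 200
2017-06-28T10:15:02Z 10.108.55.58 93.184.216.34 GET http://www.example.com/index.html 200
2017-06-28T10:15:09Z 10.108.55.58 175.126.195.54 GET http://example.invalid/jYGUFye7??PUgDpi=zCNkhSAUxU 404
2017-06-28T10:15:20Z 10.108.55.60 203.0.113.7 GET http://203.0.113.7/af/jYGUFye7?PUgDpi=abc 200
2017-06-28T10:15:31Z 10.108.55.61 198.51.100.9 GET http://198.51.100.9/login?PUgDpi=1 200
"""


def match_reasons(dst_ip: str, url: str) -> list:
    """Return the indicator(s) one request matches; empty list if none."""
    parts = urlsplit(url)
    # The captured requests use a doubled '?' ("/jYGUFye7??PUgDpi=...").
    # urlsplit splits at the first '?', so the query begins with a stray '?'.
    query = parts.query.lstrip("?")
    query_keys = {kv.split("=", 1)[0] for kv in query.split("&") if kv}
    reasons = []
    if dst_ip in IOC_DST_IPS:
        reasons.append(f"dst ip {dst_ip}")
    if parts.path in IOC_PATHS:
        reasons.append(f"uri path {parts.path}")
    if IOC_QUERY_KEY in query_keys:
        reasons.append(f"query key {IOC_QUERY_KEY}")
    return reasons


def scan_log(log_text: str) -> list:
    """Run each log line through match_reasons; return (client, dst, url, reasons) hits."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, dst_ip, _method, url, _status = line.split()
        reasons = match_reasons(dst_ip, url)
        if reasons:
            hits.append((client, dst_ip, url, reasons))
    return hits


if __name__ == "__main__":
    for client, dst_ip, url, reasons in scan_log(SAMPLE_LOG):
        print(f"{client} -> {dst_ip} {url}\n    matched: {', '.join(reasons)}")
```

Treat the three indicators with different weights: a destination IP or exact path match is a strong hit, while the query key on its own (the last sample line) is the weakest signal and is better raised as a low-confidence alert for review than as a block.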

VALKYRIE FOR REFERENCE:

File name: BXAPatevRMe10.exe
https://valkyrie.comodo.com/fvs_again?sha1=851736d63efff15ef670433de8340e35d2a64767
