Product Requirements Inquiry Malware

21st July 2017 | By admin

Comodo threat research labs

 

[19 July 2017] – [Product Requirements Inquiry Malware] – SUBJECT: [#52674523 REQUIREMENTS FOR PRODUCTS]

Comodo Threat Research Labs (CTRL) identified a new phishing email that carries a malicious attachment and is being sent to email users with the subject “#52674523 REQUIREMENTS FOR PRODUCTS”.

ASSOCIATED FILES:

ZIP archive of the malware: [19 July 2017] – [PRODUCT REQUIREMENTS INQUIRY MALWARE] – 3.03 MB (3,178,496 bytes)

  • 3152-1500381921-136063.eml 1.84 MB (1,937,408 bytes)

  • fgox.iea 111 MB (117,198,848 bytes)

  • ltbdm.smn 524 KB (536,576 bytes)

  • qdmlhj.exe 920 KB (942,080 bytes)

THE EMAIL:

[Screenshot: the phishing email]

EMAIL DATA:

  • Date: Mon, 17 Jul 2017 17:29:52 -0700

  • From: siewying@hexacon.com.sg

  • Subject: #52674523 REQUIREMENTS FOR PRODUCTS

  • In-Reply-To: <9d227cd9f889c9f97a07e75077cb1f89@hexacon.com.sg>

  • References: <c29d7ad128f9ad66eeae7fa886395c84@hexacon.com.sg> <81c6127daaaf0678c8d0997be9cca2b1@hexacon.com.sg> <9d227cd9f889c9f97a07e75077cb1f89@hexacon.com.sg>

  • Message-ID: <0b8fa571d9364cdaaa3d991627716620@hexacon.com.sg>

  • X-Sender: siewying@hexacon.com.sg

THE ATTACHMENT:

[Screenshot: the attachment]

DROPPED FILE:

[Screenshot: the dropped file]

EXTRACTED FILE DETAILS:

[Screenshot: the extracted files]

File Name: fgox.rar 372 KB (380,928 bytes)

  • MD5: 2a33da43cad71d086e9d42d5dc519fb0

  • SHA1: c561e1430860041d388b6ded4cf02a45cdf4cdd8

  • SHA256: 14ee5f6f6a6925838d410d0cfb83b14127ea59ec2c45d5ef8608c7e042955c71

File Name: ltbdm.rar 524 KB (536,576 bytes)

  • MD5: c24f6365258ac3cc4eb98b2b014633e6

  • SHA1: b1db1af51d290763e487a42528d566f647b10360

  • SHA256: 23c140a976d23ff097f7c075e92439ec5872b94141b1d9fd39cc0b052ebc5aa5

File Name: qdmlhj.rar 424.1 KB (434,272 bytes)

  • MD5: dc20c6e64e7e97178660a119f5391d50

  • SHA1: f261aefcdbfc2fe8323252fe42fbbc12f5ac1f0e

  • SHA256: 916fb2c1f223900327d0cefa3183fb68944b47acb09d2aadf165cb6947982754

TRAFFIC:

[Screenshot: captured network traffic]

ASSOCIATED URLS:

  • 239 188.858927 10.108.55.58 96.6.66.30 HTTP 125 GET / HTTP/1.1

  • 243 188.948619 10.108.55.58 96.6.66.30 HTTP 125 [TCP Spurious Retransmission] GET / HTTP/1.1

