2014-01-07 - NEUTRINO EK TRAFFIC

ASSOCIATED FILES:


NOTES:

A quick post on traffic for another VM infected by the Neutrino EK...


INFECTION CHAIN OF EVENTS

ASSOCIATED DOMAINS:

INFECTION CHAIN:


PRELIMINARY MALWARE ANALYSIS

Java exploit from 212.83.188.39 port 8000 (quohyiin.dikarlos.com):

https://www.virustotal.com/en/file/f3ccab0af7589ff0018eeb6b7d8d14f84ee8561ae148dc90e4cbf34d95eb53a3/analysis/1389505092/

File name:  2014-01-07-java-exploit-from-neutrino-domain.jar
File size:  19.5 KB ( 20008 bytes )
MD5 hash:  634bc1f2a8e620aafee15c30a1bdd31d
Detection ratio:  7 / 47
First submitted:  2014-01-04 23:05:25 GMT

EXE payload from 212.83.188.39 port 8000 (quohyiin.dikarlos.com):

https://www.virustotal.com/en/file/7630bc8964eb3dfe40f9402823f319eba57b4c8f29da1a30614aebe0dc399141/analysis/1389505110/

File name:  2014-01-07-EXE-payload-from-neutrino-domain.exe
File size:  230.3 KB ( 235820 bytes )
MD5 hash:  86f7ac3c1f9762ae8a4197f5d2d8a3e5
Detection ratio:  11 / 47
First submitted:  2014-01-08 15:09:49 GMT
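As an added example (not part of the original post), a Python sweep over constructed proxy-log lines that flags the indicators listed above (IP:port, domain, MD5 hashes) and, independently of those indicators, the shape of this chain: a .jar download followed shortly by an .exe from the same server and port to the same client. The log format, client addresses and URL paths are assumptions.

```python
import re
from datetime import datetime, timedelta
# Indicators from the post above.
NEUTRINO_IP, NEUTRINO_PORT, NEUTRINO_DOMAIN = "212.83.188.39", 8000, "quohyiin.dikarlos.com"
KNOWN_MD5 = {"634bc1f2a8e620aafee15c30a1bdd31d": "neutrino-java-exploit",
             "86f7ac3c1f9762ae8a4197f5d2d8a3e5": "neutrino-exe-payload"}
# Constructed proxy-log lines in a hypothetical "ts client server:port host path md5" format;
# the URL paths and client addresses are placeholders, only IP, port, domain and hashes come from the post.
SAMPLE_LOG = """\
2014-01-07T14:02:13 10.0.0.5 212.83.188.39:8000 quohyiin.dikarlos.com /a.jar 634bc1f2a8e620aafee15c30a1bdd31d
2014-01-07T14:02:20 10.0.0.5 212.83.188.39:8000 quohyiin.dikarlos.com /b.exe 86f7ac3c1f9762ae8a4197f5d2d8a3e5
2014-01-07T14:05:00 10.0.0.7 93.184.216.34:80 example.com /index.html -
"""
LINE_RE = re.compile(r"^(\S+) (\S+) ([\d.]+):(\d+) (\S+) (\S+) (\S+)$")
FIELDS = ("ts", "client", "server", "port", "host", "path", "md5")

def parse_log(text):
    """Parse log lines into dicts sorted by time; malformed lines are skipped, not fatal."""
    events = []
    for m in filter(None, map(LINE_RE.match, text.splitlines())):
        e = dict(zip(FIELDS, m.groups()))
        e["ts"], e["port"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%S"), int(e["port"])
        events.append(e)
    return sorted(events, key=lambda e: e["ts"])

def ioc_hits(events):
    """Direct matches on the post's indicators, as (client, path, [reasons])."""
    hits = []
    for e in events:
        reasons = [label for ok, label in (
            ((e["server"], e["port"]) == (NEUTRINO_IP, NEUTRINO_PORT), "ip:port"),
            (e["host"] == NEUTRINO_DOMAIN, "domain"),
            (e["md5"] in KNOWN_MD5, "md5:" + KNOWN_MD5.get(e["md5"], ""))) if ok]
        if reasons:
            hits.append((e["client"], e["path"], reasons))
    return hits

def jar_then_exe(events, window=timedelta(seconds=60)):
    """IOC-free check for this chain's shape: a .jar, then an .exe from the same server:port
    to the same client within `window`. Returns (client, "server:port") pairs."""
    flow = lambda e: (e["client"], e["server"], e["port"])
    chains = []
    for i, jar in enumerate(events):
        if not jar["path"].lower().endswith(".jar"):
            continue
        for exe in events[i + 1:]:
            if exe["ts"] - jar["ts"] > window:
                break  # events are time-sorted, so nothing later fits the window
            if flow(exe) == flow(jar) and exe["path"].lower().endswith(".exe"):
                chains.append((jar["client"], f"{jar['server']}:{jar['port']}"))
                break
    return chains
```

The behavioural check catches the same pattern on a fresh domain or IP the hash and address lists do not yet cover, which is where such posts usually go stale first.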


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
