2014-04-23 - GOON/INFINITY EK FROM 89.161.140.32 (EKOPLANOWANIE.PL) AND 59.106.13.213 (MCS-CLEAN-SAKURA.NE.JP)

ASSOCIATED FILES:

ASSOCIATED DOMAINS:

NOTES:


INFECTION TRAFFIC

VM:  IE 8, Flash 11.8.800.94, Java 6 update 25, and Silverlight 4.0.60531

Events triggered in Security Onion:


VM:  IE 10, Flash 12.0.0.38, Java 7 update 13, and Silverlight 5.1.10411

Events triggered in Security Onion:


VM:  IE 10 and Java 7 update 17

Events triggered in Security Onion:


PRELIMINARY MALWARE ANALYSIS

SILVERLIGHT EXPLOIT

File name:  2014-04-23-Goon-EK-silverlight-exploit.xap
File size:  13.3 KB ( 13662 bytes )
MD5 hash:  1df198a54fcda8de939f27b7b1d4c228
Detection ratio:  0 / 50
First submission:  2014-04-22 19:07:49 UTC
VirusTotal link:  https://www.virustotal.com/en/file/afe878d4d082a1cdd45e6355c7f884b6fe42454f13b5be163d8b3775748fe9e6/analysis/


JAVA EXPLOIT

File name:  2014-04-23-Goon-EK-java-exploit.jar
File size:  11.7 KB ( 11956 bytes )
MD5 hash:  6cfb13e2d028cea367ae996c4f90cb20
Detection ratio:  4 / 51
First submission:  2014-04-23 06:41:17 UTC
VirusTotal link:  https://www.virustotal.com/en/file/3f230492c466a935ca3129442f9a0122f7736d0d97bf569b35695f72cb1deeb7/analysis/


FLASH FILE SEEN IN IE8 AND IE10 TRAFFIC

File name:  2014-04-23-Goon-EK-flash-file-ie8-and-ie10.swf
File size:  6.0 KB ( 6143 bytes )
MD5 hash:  b20a2e4ff34c97e6714f500b9ccd8485
Detection ratio:  1 / 51
First submission:  2014-04-21 07:03:41 UTC
VirusTotal link:  https://www.virustotal.com/en/file/912b53ffc1c7c1a479e9b6502a82e1d6ecf3e4b181b32fb7a323700187b15674/analysis/

FLASH FILE ONLY NOTED IN IE10 TRAFFIC

File name:  2014-04-23-Goon-EK-flash-file-ie10-only.swf
File size:  5.8 KB ( 5908 bytes )
MD5 hash:  7890096fc1557e3ba11414b553b8237b
Detection ratio:  0 / 51
First submission:  2014-04-21 07:03:57 UTC
VirusTotal link:  https://www.virustotal.com/en/file/2442dd36044fa2b3efd0b4367ab23bed26c42116085821d55c46954d35521fef/analysis/


MALWARE PAYLOAD

File name:  2014-04-23-Goon-EK-malware-payload.exe
File size:  134.4 KB ( 137576 bytes )
MD5 hash:  8c970d380537aa513840e534e26194ae
Detection ratio:  23 / 51
First submission:  2014-04-18 08:14:34 UTC
VirusTotal link:  https://www.virustotal.com/en/file/800134f1b4e19de8ae311f1283c707f5886b5f408f6830cf545f22c4ced76c42/analysis/
Malwr link:  https://malwr.com/analysis/ZDQyNzgwY2EwMmM5NGMxOTlmMDczZjMzZjdkOTk2MTk/


FINAL NOTES

Once again, here are links for the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
