2014-04-28 - FAKE FLASH UPDATER HOSTED ON MICROSOFT ONEDRIVE IP ADDRESSES

ASSOCIATED FILES:

 

MICROSOFT ONEDRIVE IP ADDRESSES HOSTING THE MALWARE:

 

NOTES:

 

TODAY'S EXAMPLES

compromised website --> fake Flash updater notice --> Microsoft OneDrive hosting the malware
www.rabig.com.tr --> ab000302.ferozo.com --> xmdrlq.dm2302.livefilestore.com

HTTPS link from fake Flash updater notice:

 

compromised website --> fake Flash updater notice --> Microsoft OneDrive hosting the malware
www.comersid.ro --> ajmfashions.ne --> xmdrlq.dm2304.livefilestore.com

HTTPS link from fake Flash updater notice:

 

compromised website --> fake Flash updater notice --> Microsoft OneDrive hosting the malware
www.landestrachtenverband.at --> www.gala.mx --> xmdrlq.dm1.livefilestore.com

HTTPS link from fake Flash updater notice:

 

compromised website --> fake Flash updater notice --> Microsoft OneDrive hosting the malware
www.vendre-voiture-export.be --> www.spid.it --> xmdrlq.dm2301.livefilestore.com

HTTPS link from fake Flash updater notice:

 

PRELIMINARY MALWARE ANALYSIS

File name:  FlashUpdater.exe
File size:  159.0 KB ( 162816 bytes )
MD5 hash:  8cf348c51fa48116df89009b1886f9eb
Detection ratio:  3 / 51
First submission:  2014-04-28 00:52:27 UTC
VirusTotal link:  https://www.virustotal.com/en/file/d3adf9d07df2813839698c8a777394fe5262c9c575a2a7e82d2f15c132e221e4/analysis/
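
The chains in TODAY'S EXAMPLES all follow the same shape: a third-party page hands the browser off to a *.livefilestore.com host that serves an .exe. That shape is easy to hunt for in proxy logs. The script below is an added example, not part of the original post and not a tool from this site; it reconstructs the compromised site --> notice page --> OneDrive chain from referer headers and compares a captured file against the MD5 and size listed above. The log format, the sample log lines and the list of referers treated as legitimate OneDrive front-ends are all constructed assumptions; only the hashes, size, filename and hostnames from the page are real indicators.

```python
import hashlib
from urllib.parse import urlparse

# Indicators taken from the page above (real IOCs); everything else in this file is constructed.
IOC_MD5 = "8cf348c51fa48116df89009b1886f9eb"
IOC_SIZE = 162816
IOC_FILENAME = "FlashUpdater.exe"
ONEDRIVE_SUFFIX = ".livefilestore.com"
# Assumption: downloads referred from these Microsoft front-ends are user-initiated OneDrive use,
# so they are excluded; any other referer is a third-party page pushing the file.
LEGITIMATE_REFERERS = ("onedrive.live.com", "skydrive.live.com")

# Constructed proxy log (not real traffic): timestamp client method URL referer("-" if none) status.
SAMPLE_LOG = """\
2014-04-28T10:01:02 10.0.0.5 GET http://www.rabig.com.tr/ - 200
2014-04-28T10:01:05 10.0.0.5 GET http://ab000302.ferozo.com/update/index.html http://www.rabig.com.tr/ 200
2014-04-28T10:01:09 10.0.0.5 GET https://xmdrlq.dm2302.livefilestore.com/dl/FlashUpdater.exe http://ab000302.ferozo.com/update/index.html 200
2014-04-28T10:02:00 10.0.0.7 GET https://abcd.dm1.livefilestore.com/dl/report.docx https://onedrive.live.com/ 200
2014-04-28T10:02:30 10.0.0.8 GET https://efgh.dm2.livefilestore.com/dl/tool.exe https://onedrive.live.com/ 200
2014-04-28T10:03:00 10.0.0.9 GET http://example.org/ - 200
"""


def host_of(url):
    """Lower-cased hostname of a URL, or "" when there is no URL."""
    return (urlparse(url).hostname or "").lower() if url else ""


def parse_log(text):
    """Turn the space-separated constructed log into one dict per request."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, referer, status = line.split()
        records.append({
            "ts": ts, "client": client, "method": method, "url": url,
            "host": host_of(url), "path": urlparse(url).path,
            "referer": None if referer == "-" else referer,
            "status": int(status),
        })
    return records


def is_legitimate_referer(host):
    return any(host == d or host.endswith("." + d) for d in LEGITIMATE_REFERERS)


def find_fake_updater_chains(records):
    """Flag .exe downloads from OneDrive storage that were referred by a non-Microsoft page,
    then walk the referer chain back to rebuild compromised site -> notice page -> OneDrive."""
    by_client_url = {}
    for rec in records:
        by_client_url.setdefault(rec["client"], {})[rec["url"]] = rec

    hits = []
    for rec in records:
        if not rec["host"].endswith(ONEDRIVE_SUFFIX) or not rec["path"].lower().endswith(".exe"):
            continue
        ref_host = host_of(rec["referer"])
        if not ref_host or is_legitimate_referer(ref_host):
            continue  # direct or OneDrive-initiated download: not this pattern
        chain = [rec["host"]]
        url, seen = rec["referer"], set()
        while url and url not in seen:  # seen-set guards against referer loops
            seen.add(url)
            chain.insert(0, host_of(url))
            prev = by_client_url[rec["client"]].get(url)
            url = prev["referer"] if prev else None
        hits.append({"client": rec["client"], "ts": rec["ts"], "chain": chain,
                     "filename": rec["path"].rsplit("/", 1)[-1]})
    return hits


def check_sample(data):
    """Compare a captured file's MD5 and size against the values reported on the page."""
    md5 = hashlib.md5(data).hexdigest()
    return {"md5": md5, "size": len(data),
            "matches_ioc": md5 == IOC_MD5 and len(data) == IOC_SIZE}


if __name__ == "__main__":
    for hit in find_fake_updater_chains(parse_log(SAMPLE_LOG)):
        print(hit["ts"], hit["client"], " --> ".join(hit["chain"]), hit["filename"])
```

Run against the constructed log, only client 10.0.0.5 is reported, with the same three-hop chain the post lists for www.rabig.com.tr; the .exe fetched by 10.0.0.8 is skipped because its referer is onedrive.live.com. Feed check_sample() the bytes of a suspect FlashUpdater.exe to confirm it is the same build as the one analysed above rather than a repacked variant.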

 

FINAL NOTES

Once again, here are links for the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
