2014-06-10 - FLASHPACK EK FROM 192.71.151.14 - 3JF9S456U0RQV91RNO5PMFM.APTEKA-EREKCJA.PL

ASSOCIATED FILES:

NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:

TRAFFIC:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-06-10-FlashPack-EK-flash-exploit.swf
File size:  15.4 KB ( 15807 bytes )
MD5 hash:  0535f214023fb455a36afe6782ba96ac
Detection ratio:  0 / 45
First submission:  2014-06-10 04:40:32 UTC
VirusTotal link:  https://www.virustotal.com/en/file/cdd7e502ddf9e3f74660da3157a5ece7cf277e3ce4eb65928ce682bd0f6de55e/analysis/


JAVA EXPLOIT

File name:  2014-06-10-FlashPack-EK-java-exploit.jar
File size:  13.1 KB ( 13434 bytes )
MD5 hash:  97925d90f5340be2aabf833d91f9f917
Detection ratio:  8 / 52
First submission:  2014-06-10 03:32:55 UTC
VirusTotal link:  https://www.virustotal.com/en/file/ace5fabcb614564f13bd9493a7f91ecc13694a9b294d94148b9579a1bef27152/analysis/


MALWARE PAYLOAD

File name:  2014-06-10-FlashPack-EK-malware-payload.exe
File size:  82.8 KB ( 84745 bytes )
MD5 hash:  1255d6345b7d29113bd540c2db4bbdfb
Detection ratio:  31 / 53
First submission:  2014-06-10 04:41:13 UTC
VirusTotal link:  https://www.virustotal.com/en/file/ec5a1f379ad579697acbcdac073c14d6284185ba0c293c41f699e413d3f9acc0/analysis/


FOLLOW-UP MALWARE

File name:  2014-06-10-FlashPack-EK-follow-up-malware.exe
File size:  132.5 KB ( 135692 bytes )
MD5 hash:  785c2dbd22431fe669f480ad050c1f43
Detection ratio:  23 / 53
First submission:  2014-06-10 04:41:28 UTC
VirusTotal link:  https://www.virustotal.com/en/file/6f4c499ae13e823bb7fa1cb744b2f2784977d1f1c621fc40e48ef113e42f673e/analysis/
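
The four file summaries above are the indicators a reader actually reuses. As an added example (not code from the original post), the Python below parses that plain-text summary format into structured IOCs, recovers each SHA-256 from the VirusTotal link path, sanity-checks the transcription (hash lengths, KB figure versus byte count, detection ratio), and hashes a file's bytes for lookup against the list. The PAGE_ENTRIES string is a constructed copy of the summaries above; Ioc, parse_entries, validate and match_hashes are names chosen here.

```python
import hashlib
import re
from dataclasses import dataclass
from typing import Optional

# Constructed copy of the four file summaries above (values are the page's own).
PAGE_ENTRIES = """
File name:  2014-06-10-FlashPack-EK-flash-exploit.swf
File size:  15.4 KB ( 15807 bytes )
MD5 hash:  0535f214023fb455a36afe6782ba96ac
Detection ratio:  0 / 45
VirusTotal link:  https://www.virustotal.com/en/file/cdd7e502ddf9e3f74660da3157a5ece7cf277e3ce4eb65928ce682bd0f6de55e/analysis/
File name:  2014-06-10-FlashPack-EK-java-exploit.jar
File size:  13.1 KB ( 13434 bytes )
MD5 hash:  97925d90f5340be2aabf833d91f9f917
Detection ratio:  8 / 52
VirusTotal link:  https://www.virustotal.com/en/file/ace5fabcb614564f13bd9493a7f91ecc13694a9b294d94148b9579a1bef27152/analysis/
File name:  2014-06-10-FlashPack-EK-malware-payload.exe
File size:  82.8 KB ( 84745 bytes )
MD5 hash:  1255d6345b7d29113bd540c2db4bbdfb
Detection ratio:  31 / 53
VirusTotal link:  https://www.virustotal.com/en/file/ec5a1f379ad579697acbcdac073c14d6284185ba0c293c41f699e413d3f9acc0/analysis/
File name:  2014-06-10-FlashPack-EK-follow-up-malware.exe
File size:  132.5 KB ( 135692 bytes )
MD5 hash:  785c2dbd22431fe669f480ad050c1f43
Detection ratio:  23 / 53
VirusTotal link:  https://www.virustotal.com/en/file/6f4c499ae13e823bb7fa1cb744b2f2784977d1f1c621fc40e48ef113e42f673e/analysis/
"""

FIELDS = ("File name", "File size", "MD5 hash", "Detection ratio", "VirusTotal link")


@dataclass
class Ioc:
    name: str
    size_kb: float
    size_bytes: int
    md5: str
    sha256: str      # recovered from the VirusTotal URL path
    detected: int    # engines that flagged the file at submission
    engines: int


def _build(f: dict) -> Ioc:
    """Turn one block of fields into an Ioc; -1 / "" mark fields that did not parse."""
    size = re.match(r"([\d.]+)\s*KB\s*\(\s*(\d+)\s*bytes", f.get("File size", ""))
    ratio = re.match(r"(\d+)\s*/\s*(\d+)", f.get("Detection ratio", ""))
    sha = re.search(r"/file/([0-9a-fA-F]{64})/", f.get("VirusTotal link", ""))
    return Ioc(
        name=f.get("File name", ""),
        size_kb=float(size.group(1)) if size else -1.0,
        size_bytes=int(size.group(2)) if size else -1,
        md5=f.get("MD5 hash", "").lower(),
        sha256=sha.group(1).lower() if sha else "",
        detected=int(ratio.group(1)) if ratio else -1,
        engines=int(ratio.group(2)) if ratio else -1,
    )


def parse_entries(text: str) -> list[Ioc]:
    """Collect "Key: value" lines into entries; each "File name" starts a new entry."""
    blocks, fields = [], {}
    for line in text.splitlines():
        key, sep, value = (s.strip() for s in line.partition(":"))
        if not sep or key not in FIELDS:
            continue  # headings, blank lines, anything not in the summary format
        if key == "File name" and fields:
            blocks.append(fields)
            fields = {}
        fields[key] = value
    if fields:
        blocks.append(fields)
    return [_build(b) for b in blocks]


def validate(ioc: Ioc) -> list[str]:
    """Checks a transcribed IOC should pass before it is fed to a blocklist or hunt."""
    problems = []
    if not re.fullmatch(r"[0-9a-f]{32}", ioc.md5):
        problems.append("MD5 is not 32 hex digits")
    if not re.fullmatch(r"[0-9a-f]{64}", ioc.sha256):
        problems.append("no SHA-256 in VirusTotal link")
    if ioc.size_bytes < 0 or abs(ioc.size_bytes / 1024 - ioc.size_kb) > 0.06:
        problems.append("KB figure does not match byte count")
    if not 0 <= ioc.detected <= ioc.engines:
        problems.append("detection ratio malformed")
    return problems


def match_hashes(data: bytes, iocs: list[Ioc]) -> Optional[Ioc]:
    """Hash file bytes and look them up, SHA-256 first, then MD5 as a fallback."""
    sha = hashlib.sha256(data).hexdigest()
    md5 = hashlib.md5(data).hexdigest()
    by_sha = {i.sha256: i for i in iocs}
    by_md5 = {i.md5: i for i in iocs}
    return by_sha.get(sha) or by_md5.get(md5)
```

Filtering the parsed list on detected == 0 singles out the Flash exploit: at submission time no engine flagged the SWF, so hash lookup and network-side detection, not AV, are what catch that stage of the chain.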


SNORT EVENTS

SNORT EVENTS FOR THE INFECTION TRAFFIC (from Sguil on Security Onion)

Emerging Threats and ETPRO rulesets:

Sourcefire VRT ruleset:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
