2014-04-13 - FAKE FLASH UPDATER HOSTED ON GOOGLE DRIVE

ASSOCIATED FILES:

NOTES:

BLOG ENTRIES SINCE I STARTED KEEPING TRACK:


TODAY'S TRAFFIC EXAMPLE

compromised website --> fake Flash updater notice --> site hosting the malware
www.westernbeef.com --> rollen.ru --> drive.google.com


PRELIMINARY MALWARE ANALYSIS

FAKE FLASH UPDATER

File name:  InstallerFlash.exe
File size:  116.8 KB ( 119592 bytes )
MD5 hash:  c112023f2508c63911eafe089cbb621a
Detection ratio:  32 / 54
First submission:  2014-06-12 17:47:04 UTC
VirusTotal link:  https://www.virustotal.com/en/file/ab6b8fb81464fa97b0755f0d131467483bff74c3a3f5aee76d7b083d4b17fb21/analysis/
Malwr link:  https://malwr.com/analysis/ZWExYmNlMDJmMjU4NGI2ZmE2NjJhYTJkNjVlYzQzZmM/

NOTE: The malware did not execute properly in the sandbox; instead it produced a pop-up window with a run-time error, shown below:

The same run-time error appeared on a physical Windows 7 machine and on VMs running both Windows 7 and Windows XP.


SNORT EVENTS

No Snort events were noted for this traffic.


SCREENSHOTS FROM THE TRAFFIC

From the compromised website to the fake Flash updater notification:


Link from the fake Flash updater notification to the malware on Google Drive:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
