2014-06-16 - FLASHPACK EK FROM - 46.21.159.160 - CHANGE IN URL PATTERNS

ASSOCIATED FILES:

NOTES:

CHAIN OF EVENTS

FIRST RUN (TWO DIFFERENT FLASH EXPLOITS):

SECOND RUN (CVE-2014-0515 FLASH EXPLOIT ONLY):


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOITS

File name:  2014-06-16-FlashPack-EK-CVE-2014-0515-exploit.swf
File size:  9.9 KB ( 10178 bytes )
MD5 hash:  7f8e224bae0ea77e31a5416c334db1c3
Detection ratio:  0 / 54
First submission:  2014-06-16 17:56:49 UTC
VirusTotal link:  https://www.virustotal.com/en/file/aac79703c11fb1102567192a42c074ccc374444460800adcd0bb32a10cb2f888/analysis/

File name:  2014-06-16-FlashPack-EK-other-flash-exploit.swf
File size:  37.0 KB ( 37896 bytes )
MD5 hash:  3aa1810f0cf2a3de235ab68767109646
Detection ratio:  0 / 53
First submission:  2014-06-10 13:47:30 UTC
VirusTotal link:  https://www.virustotal.com/en/file/f32609d680b7215e92ae9b3f27338dc0e9125232e798fcabdd634265cebd1c6d/analysis/


MALWARE PAYLOADS

File name:  2014-06-16-FlashPack-EK-malware-payload-first-run.exe
File size:  94.0 KB ( 96256 bytes )
MD5 hash:  0b486b4be80a643f54740d5d9d520202
Detection ratio:  20 / 54
First submission:  2014-06-16 06:44:48 UTC
VirusTotal link:  https://www.virustotal.com/en/file/9b56c2c6562a03f50546d2ab718b3b67a9df0deecf102d5b9ca0822ea729fbd5/analysis/

File name:  2014-06-16-FlashPack-EK-malware-payload-second-run.exe
File size:  94.5 KB ( 96768 bytes )
MD5 hash:  ecf006f89024fefd237a3da4a93c7107
Detection ratio:  7 / 54
First submission:  2014-06-16 21:09:41 UTC
VirusTotal link:  https://www.virustotal.com/en/file/190c80a5b3d115b5e38aa7161765030ee67fd18e51fb53ae57360c41ce62fa78/analysis/
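Added example (not part of the original post): a small Python script that parses the per-file metadata blocks above (both the FLASH EXPLOITS and MALWARE PAYLOADS sections, copied verbatim into the script) into structured records, pulls the SHA-256 out of each VirusTotal URL (VirusTotal keys its file pages on SHA-256), and checks a locally extracted sample's size, MD5 and SHA-256 against the record. The file paths it looks for are an assumption: it expects the samples to have been unzipped into the current directory under the file names listed on the page. Because the two Flash exploits had a 0/54 detection ratio at submission time, the hashes are the only reliable way to confirm you are looking at the same files.

```python
"""Parse the sample metadata blocks from this page and verify local copies.

Added example, not code from the original post.  PAGE_RECORDS is copied
verbatim from the page; the verification helpers assume the samples have
been extracted from the password-protected ZIP into the working directory
(an assumption about your layout, not something the page states).
"""
import hashlib
import os
import re
from dataclasses import dataclass

# Verbatim copy of the four metadata blocks from the page.
PAGE_RECORDS = """\
File name:  2014-06-16-FlashPack-EK-CVE-2014-0515-exploit.swf
File size:  9.9 KB ( 10178 bytes )
MD5 hash:  7f8e224bae0ea77e31a5416c334db1c3
Detection ratio:  0 / 54
First submission:  2014-06-16 17:56:49 UTC
VirusTotal link:  https://www.virustotal.com/en/file/aac79703c11fb1102567192a42c074ccc374444460800adcd0bb32a10cb2f888/analysis/

File name:  2014-06-16-FlashPack-EK-other-flash-exploit.swf
File size:  37.0 KB ( 37896 bytes )
MD5 hash:  3aa1810f0cf2a3de235ab68767109646
Detection ratio:  0 / 53
First submission:  2014-06-10 13:47:30 UTC
VirusTotal link:  https://www.virustotal.com/en/file/f32609d680b7215e92ae9b3f27338dc0e9125232e798fcabdd634265cebd1c6d/analysis/

File name:  2014-06-16-FlashPack-EK-malware-payload-first-run.exe
File size:  94.0 KB ( 96256 bytes )
MD5 hash:  0b486b4be80a643f54740d5d9d520202
Detection ratio:  20 / 54
First submission:  2014-06-16 06:44:48 UTC
VirusTotal link:  https://www.virustotal.com/en/file/9b56c2c6562a03f50546d2ab718b3b67a9df0deecf102d5b9ca0822ea729fbd5/analysis/

File name:  2014-06-16-FlashPack-EK-malware-payload-second-run.exe
File size:  94.5 KB ( 96768 bytes )
MD5 hash:  ecf006f89024fefd237a3da4a93c7107
Detection ratio:  7 / 54
First submission:  2014-06-16 21:09:41 UTC
VirusTotal link:  https://www.virustotal.com/en/file/190c80a5b3d115b5e38aa7161765030ee67fd18e51fb53ae57360c41ce62fa78/analysis/
"""


@dataclass
class SampleRecord:
    name: str
    size: int          # exact byte count from the "( N bytes )" part
    md5: str
    sha256: str        # the 64-hex value in the VirusTotal URL
    detections: int    # numerator of "Detection ratio"
    engines: int       # denominator of "Detection ratio"
    first_seen: str


_FIELD = re.compile(r"^(?P<key>[A-Za-z0-9 ]+):\s+(?P<val>.+?)\s*$")
_SIZE = re.compile(r"\(\s*(\d+)\s+bytes\s*\)")
_RATIO = re.compile(r"^(\d+)\s*/\s*(\d+)$")
_VT = re.compile(r"virustotal\.com/(?:en/)?file/([0-9a-f]{64})/")
_REQUIRED = ("file name", "file size", "md5 hash", "detection ratio",
             "first submission", "virustotal link")


def parse_records(text: str) -> list:
    """Split the page text into blank-line-separated blocks and parse each."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            m = _FIELD.match(line)
            if m:
                fields[m.group("key").strip().lower()] = m.group("val")
        if "file name" not in fields:
            continue  # not a metadata block
        missing = [k for k in _REQUIRED if k not in fields]
        if missing:
            raise ValueError(f"{fields['file name']}: missing {missing}")
        size = _SIZE.search(fields["file size"])
        ratio = _RATIO.match(fields["detection ratio"].strip())
        vt = _VT.search(fields["virustotal link"])
        md5 = fields["md5 hash"].strip().lower()
        if not (size and ratio and vt and re.fullmatch(r"[0-9a-f]{32}", md5)):
            raise ValueError(f"{fields['file name']}: malformed field")
        records.append(SampleRecord(
            name=fields["file name"].strip(), size=int(size.group(1)),
            md5=md5, sha256=vt.group(1), detections=int(ratio.group(1)),
            engines=int(ratio.group(2)), first_seen=fields["first submission"]))
    return records


def verify_bytes(data: bytes, rec: SampleRecord) -> list:
    """Return a list of mismatch descriptions; empty means data matches rec."""
    problems = []
    if len(data) != rec.size:
        problems.append(f"size {len(data)} != {rec.size}")
    md5 = hashlib.md5(data).hexdigest()
    if md5 != rec.md5:
        problems.append(f"md5 {md5} != {rec.md5}")
    sha256 = hashlib.sha256(data).hexdigest()
    if sha256 != rec.sha256:
        problems.append(f"sha256 {sha256} != {rec.sha256}")
    return problems


def verify_file(path: str, rec: SampleRecord) -> list:
    with open(path, "rb") as f:
        return verify_bytes(f.read(), rec)


if __name__ == "__main__":
    # Assumes the samples were extracted into the current directory.
    for rec in parse_records(PAGE_RECORDS):
        ratio = f"{rec.detections}/{rec.engines}"
        if not os.path.exists(rec.name):
            print(f"{rec.name}: not present locally (VT {ratio})")
            continue
        problems = verify_file(rec.name, rec)
        status = "OK" if not problems else "; ".join(problems)
        print(f"{rec.name}: {status} (VT {ratio}, first seen {rec.first_seen})")
```

Run it from the directory holding the extracted samples; a file that has been re-encoded or truncated in transit fails on size and both hashes, while a file that matches on SHA-256 is the same object VirusTotal analysed regardless of what the detection ratio has since become.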


SNORT EVENTS

Emerging Threats and ETPRO rulesets:

Sourcefire VRT ruleset:

NOTE: These Snort events were taken from Sguil on Security Onion


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
