2014-06-21 - FIESTA EK ON 64.202.116.151 - FERZYPSY.IN.UA

ASSOCIATED FILES:

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

FIESTA EK:

SANDBOX ANALYSIS OF MALWARE PAYLOAD FROM MALWR.COM:

PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-06-21-Fiesta-EK-flash-exploit.swf
File size:  9.8 KB ( 10086 bytes )
MD5 hash:  e811566df31461d01701f6fed593499c
Detection ratio:  0 / 53
First submission:  2014-06-21 22:05:55 UTC
VirusTotal link:  https://www.virustotal.com/en/file/95629ba84278981f84681a935cc26b47d250bfd7b15a1fb031e7343666f48560/analysis/

File name:  2014-06-21-Fiesta-EK-flash-exploit-uncompressed.swf
File size:  15.4 KB ( 15734 bytes )
MD5 hash:  d40f48d1248d5e84acaf4b79d7c83d56
Detection ratio:  0 / 53
First submission:  2014-06-21 22:06:11 UTC
VirusTotal link:  https://www.virustotal.com/en/file/2fb84c6050c27a2a4cc7417a6e0afe51407f97f1c095806d84d91500bb160919/analysis/

JAVA EXPLOIT

File name:  2014-06-21-Fiesta-EK-java-exploit.jar
File size:  7.7 KB ( 7895 bytes )
MD5 hash:  296533af96774e8c63aad8ca7f74a5a4
Detection ratio:  2 / 54
First submission:  2014-06-20 14:17:18 UTC
VirusTotal link:  https://www.virustotal.com/en/file/997869e82e5163ebebc2ca01412d8eb91b2ad05b82eea52a78f633530edea053/analysis/

SILVERLIGHT EXPLOIT

File name:  2014-06-21-Fiesta-EK-silverlight-exploit.xap
File size:  10.9 KB ( 11177 bytes )
MD5 hash:  c87f1b6ae7c4a695de2ab56682774888
Detection ratio:  1 / 54
First submission:  2014-06-21 22:06:50 UTC
VirusTotal link:  https://www.virustotal.com/en/file/63819995c189f68bd97844ff8ac6abfa8927a1deabf6e409f5f5dc7bc119f722/analysis/

MALWARE PAYLOAD

File name:  2014-06-21-Fiesta-EK-malware-payload.exe
File size:  76.0 KB ( 77832 bytes )
MD5 hash:  137323a9603aca4a91702a59e5e171b0
Detection ratio:  1 / 54
First submission:  2014-06-21 21:55:44 UTC
VirusTotal link:  https://www.virustotal.com/en/file/9b90e923852b8a3ae850ad86d2197a1c1527f7686f0ca4e80ff8b49baab88a3b/analysis/
Malwr link:  https://malwr.com/analysis/NjUwNWRlNWVmOGM5NDI0MzljMjIwZDFlYjU2OTEyM2E/

FOLLOW-UP MALWARE

File name:  exe.exe
File size:  148.0 KB ( 151552 bytes )
MD5 hash:  402d70d5f2b4cc83291d8a44fbc81386
Detection ratio:  1 / 53
First submission:  2014-06-21 22:04:40 UTC
VirusTotal link:  https://www.virustotal.com/en/file/3a67ed1bd1fe578854edd2f7b78bd9782b5c2823ccaa7a852937ea804c8e7eaf/analysis/
Malwr link:  https://malwr.com/analysis/MmE1NDQ2YWZmOTYzNDNlMzk4NjM3MzI3ODBjYjE0Yzg/

SNORT EVENTS - INFECTION TRAFFIC

Emerging Threats and ETPRO rulesets:

Sourcefire VRT ruleset:

NOTE: These Snort events were taken from Sguil on Security Onion

SNORT EVENTS - SANDBOX ANALYSIS OF MALWARE PAYLOAD

Emerging Threats and ETPRO rulesets:

Sourcefire VRT ruleset:

NOTE: These Snort events were generated by using tcpreplay to replay the PCAP on Security Onion

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.