2014-06-26 - FIESTA EK ON 64.202.116.151 - FTPNROCK.IN.UA

ASSOCIATED FILES:

CHAIN OF EVENTS

PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-06-26-Fiesta-EK-flash-exploit.swf
File size:  9.8 KB ( 9986 bytes )
MD5 hash:  57952dff4d59c0ede13ce682ea5b59df
Detection ratio:  0 / 54
First submission:  2014-06-24 21:54:30 UTC
VirusTotal link:  https://www.virustotal.com/en/file/71d98b3fa03c00ae39ea50fc1c6ec71174bf058a931e43d83dcdf4759dc0b891/analysis/

File name:  2014-06-26-Fiesta-EK-flash-exploit-uncompressed.swf
File size:  15.3 KB ( 15659 bytes )
MD5 hash:  080e9424e315a2b7b1a24801d6c1907f
Detection ratio:  0 / 54
First submission:  2014-06-28 19:08:05 UTC
VirusTotal link:  https://www.virustotal.com/en/file/57d5d815d31a9baf14f5187c7562475b7502fca230de9909d786921aa80e61c3/analysis/

JAVA EXPLOIT

File name:  2014-06-26-Fiesta-EK-java-exploit.jar
File size:  7.7 KB ( 7902 bytes )
MD5 hash:  fc7a679cc8b91631d9efad6ced945b86
Detection ratio:  6 / 54
First submission:  2014-06-28 19:08:30 UTC
VirusTotal link:  https://www.virustotal.com/en/file/3a85c85d4c34d595e4da1e7fb145acf853ebcf81b7a18a6d83165be22528d48f/analysis/

SILVERLIGHT EXPLOIT

File name:  2014-06-26-Fiesta-EK-silverlight-exploit.xap
File size:  11.7 KB ( 11968 bytes )
MD5 hash:  9455541d20fa13b35ee6f1e8732a03f7
Detection ratio:  0 / 54
First submission:  2014-06-24 16:05:27 UTC
VirusTotal link:  https://www.virustotal.com/en/file/48a08e87bf8be6d65f273122b6ba8f823aa35537b1fb0ef7829553939df5e143/analysis/

MALWARE PAYLOAD

File name:  2014-06-26-Fiesta-EK-malware-payload.exe
File size:  166.0 KB ( 169984 bytes )
MD5 hash:  29fd1f436712245aa77826a457bbfa59
Detection ratio:  22 / 54
First submission:  2014-06-27 02:18:06 UTC
VirusTotal link:  https://www.virustotal.com/en/file/e4783e389e33430d18dc343b8a4642a6c75b972d526d89195ba826f563526c37/analysis/
Malwr link:  https://malwr.com/analysis/MTQ5MzFhYmM5ZjJhNGY2ZDgzODFkNDQwMDVkMGQ2Mzc/

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
