2014-06-28 - SWEET ORANGE EK FROM 94.185.80.43 PORT 8590 - NULAPTRA.INDOLOCKER.COM - TYJALOS.TORNADO-365.COM

ASSOCIATED FILES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:


AD-BASED REDIRECT:

SWEET ORANGE EK:

NOTE: The requests for .jar files all returned a 404 Not Found response, so no Java exploit was delivered in this capture; the only exploit file recovered is the Flash file listed under the preliminary malware analysis below.


POST-INFECTION TRAFFIC (FROM INFECTED VM):


POST-INFECTION TRAFFIC (FROM MALWR.COM ANALYSIS OF MALWARE):


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-06-28-Sweet-Orange-EK-flash-exploit.swf
File size:  4.2 KB ( 4337 bytes )
MD5 hash:  ad63d2543428a9dbde3b4d9d905e8733
Detection ratio:  2 / 49
First submission:  2014-06-27 08:27:22 UTC
VirusTotal link:  https://www.virustotal.com/en/file/ebfa23acd2e6c2f315f322640ec279788efe97b9580568af9b9b60c4d1eafbc7/analysis/


MALWARE PAYLOAD

File name:  2014-06-28-Sweet-Orange-EK-malware-payload.exe
File size:  154.5 KB ( 158208 bytes )
MD5 hash:  41026646f5a0bab6f5bc0d118359b71a
Detection ratio:  28 / 54
First submission:  2014-06-28 13:57:16 UTC
VirusTotal link:  https://www.virustotal.com/en/file/255b5f2c8434eafd41a03cedaec29e45a46077cf464ea1c35bd54e58087c6a31/analysis/
Malwr link:  https://malwr.com/analysis/ZTc3MWE4MTY5YjViNGQ2MjkwMzBmOTJiNTBlMGVlZjk/
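Before working with the samples from the ZIP, it is worth confirming that what you extracted is what the listing above describes. The MD5 and size are stated outright, while the SHA256 only appears inside each VirusTotal URL. The script below is an added example (not part of the original post): it parses the two indicator blocks exactly as they appear on this page, pulls the SHA256 out of the VirusTotal link, hashes a candidate file, and reports whether it matches fully, matches on only one hash (a transcription error or a different build), or not at all. The `INDICATOR_TEXT` string is copied from the page; the `b"abc"` input used in the usage call is constructed for illustration and is not a malware sample.

```python
import hashlib
import re

# Indicator block copied from the page's "PRELIMINARY MALWARE ANALYSIS" section.
# The SHA256 is only present inside the VirusTotal URL, so it is parsed from there.
INDICATOR_TEXT = """\
File name:  2014-06-28-Sweet-Orange-EK-flash-exploit.swf
File size:  4.2 KB ( 4337 bytes )
MD5 hash:  ad63d2543428a9dbde3b4d9d905e8733
VirusTotal link:  https://www.virustotal.com/en/file/ebfa23acd2e6c2f315f322640ec279788efe97b9580568af9b9b60c4d1eafbc7/analysis/

File name:  2014-06-28-Sweet-Orange-EK-malware-payload.exe
File size:  154.5 KB ( 158208 bytes )
MD5 hash:  41026646f5a0bab6f5bc0d118359b71a
VirusTotal link:  https://www.virustotal.com/en/file/255b5f2c8434eafd41a03cedaec29e45a46077cf464ea1c35bd54e58087c6a31/analysis/
"""

FIELD_RE = {
    "name": re.compile(r"^File name:\s+(\S+)", re.M),
    "size": re.compile(r"\(\s*(\d+)\s+bytes\s*\)"),
    "md5": re.compile(r"^MD5 hash:\s+([0-9a-fA-F]{32})", re.M),
    "sha256": re.compile(r"virustotal\.com/en/file/([0-9a-fA-F]{64})/"),
}


def parse_indicators(text):
    """Split the listing on blank lines and extract name/size/md5/sha256 per entry."""
    indicators = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        entry = {key: None for key in FIELD_RE}
        for key, rx in FIELD_RE.items():
            m = rx.search(chunk)
            if m:
                entry[key] = m.group(1)
        if entry["size"] is not None:
            entry["size"] = int(entry["size"])
        for key in ("md5", "sha256"):
            if entry[key]:
                entry[key] = entry[key].lower()
        if entry["md5"] or entry["sha256"]:
            indicators.append(entry)
    return indicators


def hash_bytes(data):
    """Size, MD5 and SHA256 of an in-memory blob."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def hash_file(path, chunk_size=1 << 20):
    """Same as hash_bytes but streams a file from disk so large payloads fit in memory."""
    md5, sha256, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            md5.update(chunk)
            sha256.update(chunk)
            size += len(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def match_hashes(h, indicators):
    """Return (indicator, verdict).
    'match'          both hashes agree (size is then checked only as a sanity flag)
    'hash-mismatch'  exactly one hash agrees: a typo in the listing or a collision, do not trust
    (None, None)     nothing agrees; size alone is not evidence of anything"""
    for ind in indicators:
        md5_ok = ind["md5"] == h["md5"]
        sha_ok = ind["sha256"] == h["sha256"]
        if md5_ok and sha_ok:
            return ind, "match"
        if md5_ok or sha_ok:
            return ind, "hash-mismatch"
    return None, None


def match_bytes(data, indicators):
    return match_hashes(hash_bytes(data), indicators)


if __name__ == "__main__":
    inds = parse_indicators(INDICATOR_TEXT)
    for ind in inds:
        print(ind["name"], ind["size"], ind["md5"], ind["sha256"])
    # Constructed input, not a sample: shows the "no match" path.
    print(match_bytes(b"abc", inds))
```

To check a real extracted file, call `match_hashes(hash_file("2014-06-28-Sweet-Orange-EK-malware-payload.exe"), parse_indicators(INDICATOR_TEXT))`; a `hash-mismatch` verdict is the case to stop and investigate rather than continue analysis on the wrong file.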


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
