2014-06-30 - INFINITY EK FROM 188.65.113.171 - D7HOSTING.COM

ASSOCIATED FILES:


CHAIN OF EVENTS

INFINITY EK:

POST-INFECTION TRAFFIC:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-06-30-Infinity-EK-flash-exploit.swf
File size:  4.0 KB ( 4084 bytes )
MD5 hash:  368bf49f08111c32fed060a61ba87bac
Detection ratio:  0 / 54
First submission:  2014-06-11 17:05:02 UTC
VirusTotal link:  https://www.virustotal.com/en/file/7c0c66afb9d90192c172ee6b9368e2c6425cff1bf02bdf426064b889646d7af4/analysis/


SILVERLIGHT EXPLOIT

File name:  2014-06-30-Infinity-EK-silverlight-exploit.xap
File size:  12.3 KB ( 12580 bytes )
MD5 hash:  13110267b2764269c5e064cab95dca0c
Detection ratio:  0 / 54
First submission:  2014-06-28 13:21:02 UTC
VirusTotal link:  https://www.virustotal.com/en/file/81c0bca7a6b8a2ac5d5a08cd32620ac93d1b478e9d6bd5385a455e1d57dcc6c8/analysis/


MALWARE PAYLOAD

File name:  2014-06-30-Infinity-EK-malware-payload.exe
File size:  231.8 KB ( 237332 bytes )
MD5 hash:  42fa88a8a004de2edeb088f2713b78e5
Detection ratio:  3 / 54
First submission:  2014-06-30 03:07:25 UTC
VirusTotal link:  https://www.virustotal.com/en/file/c25e174a4a74ceb540fdea97200a0f3e2a7710686d9623412d419a849b88e278/analysis/
Malwr link:  https://malwr.com/analysis/OTM5NTFiMTNhNDVlNGYyODg5ZGExNmZkMmQ5YjVlZTE/


SNORT EVENTS

These Snort events were taken from Sguil on Security Onion using the default Emerging Threats rule set. This list does not include the ET INFO or ET POLICY rules.


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.