2014-07-03 - NUCLEAR EK SENDS CRYPTOWALL FROM 23.29.118.27 - 758672626-6.DRIVCELLENT.UNI.ME

ASSOCIATED FILES:

NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:

NUCLEAR EK:

POST-INFECTION TRAFFIC:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name: 2014-07-03-Nuclear-EK-flash-exploit.swf
File size: 4.2 KB (4309 bytes)
MD5 hash: d008e2d6f73f7eb816ee176fa5df62b2
Detection ratio: 1 / 53
First submission: 2014-07-02 20:02:06 UTC
VirusTotal link: https://www.virustotal.com/en/file/e63667e4eab40e3caca83e4d5ba8c0eb3e94c3806147f43223aa442632353c15/analysis/


JAVA EXPLOIT

File name: 2014-07-03-Nuclear-EK-java-exploit.jar
File size: 12.3 KB (12560 bytes)
MD5 hash: a885718f803c09c0649523bdb6df13b1
Detection ratio: 4 / 53
First submission: 2014-07-02 12:40:01 UTC
VirusTotal link: https://www.virustotal.com/en/file/9cf2368f097f9e270a695b24450b98857f4da48c5418ff4c5effda005228dab6/analysis/


MALWARE PAYLOAD

File name: 2014-07-03-Nuclear-EK-malware-payload.exe
File size: 182.1 KB (186488 bytes)
MD5 hash: 1625fd5912a2d620c4a423227d59b241
Detection ratio: 4 / 54
First submission: 2014-07-03 01:42:56 UTC
VirusTotal link: https://www.virustotal.com/en/file/968d47391cddb4ff7ca360d805409365799e0b3fadd74feef07505213db64ba2/analysis/
Malwr link: https://malwr.com/analysis/MGQwODNmNWZkZTY5NGEwN2JjODZjZjBhYmM2MjQyMTU/


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
