2014-07-09 - FIESTA EK FROM 64.202.116.156 - GPOISON.IN.UA

ASSOCIATED FILES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:

FIESTA EK:

POST-INFECTION TRAFFIC FROM SANDBOX ANALYSIS:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT

File name:  2014-07-09-Fiesta-EK-flash-exploit.swf
File size:  9.8 KB ( 10039 bytes )
MD5 hash:  a893630ee0690b9823a7411a4b15949e
Detection ratio:  0 / 53
First submission:  2014-07-09 13:53:09 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8dc95e2b5c98e355dceec09c683362bdb453f14d171e99d0422a278d0b012cc9/analysis/

File name:  2014-07-09-Fiesta-EK-flash-exploit-uncompressed.swf
File size:  15.3 KB ( 15668 bytes )
MD5 hash:  6756e1563fcb97234cb129acb2a201fa
Detection ratio:  0 / 54
First submission:  2014-07-10 00:16:54 UTC
VirusTotal link:  https://www.virustotal.com/en/file/2fcb4eb223c733eb388c4cec50ad16723d3ccce5ef3fcbf38aea63ac04ebf241/analysis/


JAVA EXPLOIT

File name:  2014-07-09-Fiesta-EK-java-exploit.jar
File size:  4.8 KB ( 4941 bytes )
MD5 hash:  7526d3bebafefe3a219236ab3c29ea3b
Detection ratio:  2 / 54
First submission:  2014-07-10 00:17:15 UTC
VirusTotal link:  https://www.virustotal.com/en/file/839a6beb74ffdd94eaeb0cd403515edff3ac18b0cfe37da439d5393f7933c678/analysis/


SILVERLIGHT EXPLOIT

File name:  2014-07-09-Fiesta-EK-silverlight-exploit.xap
File size:  11.7 KB ( 11961 bytes )
MD5 hash:  cb8fe8f15d1f8e320d7050640919e77e
Detection ratio:  1 / 54
First submission:  2014-07-10 00:17:35 UTC
VirusTotal link:  https://www.virustotal.com/en/file/fda83f0b8c42f823a735ec3f37e9768ee330c6006c6105edfb6e8e053e2dba5f/analysis/


MALWARE PAYLOAD

File name:  2014-07-09-Fiesta-EK-malware-payload.exe
File size:  709.5 KB ( 726528 bytes )
MD5 hash:  575f8b8b898472b381e99cb1686d4ade
Detection ratio:  7 / 53
First submission:  2014-07-10 00:05:36 UTC
VirusTotal link:  https://www.virustotal.com/en/file/48e263d42ffd3b8c994acce5f5e6c8cd1dda5d2a858435a28b17b98117dd42df/analysis/
Malwr link:  https://malwr.com/analysis/YmYwNGJiZjdkNmQ3NDdiYzk2OWU3OWI2NDFmNzdiNTY/


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.
