2014-07-10 - NUCLEAR EK FROM 93.189.40.229 - GUMENO.YAHOOAPLE.COM

ASSOCIATED FILES:

NOTES:

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

COMPROMISED WEBSITE AND REDIRECT CHAIN:

NUCLEAR EK:

POST-INFECTION TRAFFIC:

PRELIMINARY MALWARE ANALYSIS

JAVA EXPLOIT:

File name:  2014-07-10-Nuclear-EK-java-exploit.jar
File size:  10.9 KB ( 11199 bytes )
MD5 hash:  5fe052dc0f01e3d4c75fafe6ef5d8e2e
Detection ratio:  1 / 54
First submission:  2014-07-10 20:51:26 UTC
VirusTotal link:  https://www.virustotal.com/en/file/35121c1a3996baf8110215b8046a68f70e03dee0e60879a95501b70421e1d686/analysis/

MALWARE PAYLOAD:

File name:  2014-07-10-Nuclear-EK-malware-payload.exe
File size:  140.0 KB ( 143360 bytes )
MD5 hash:  f31d2d8bdc00fa7a39d7558ea4bbf08b
Detection ratio:  4 / 47
First submission:  2014-07-10 15:25:12 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8463ba7986419ef4a0afeb8e33fa26ed529975a668b1f31e12a0ac0f8e714646/analysis/
Malwr link:  https://malwr.com/analysis/YTE3ZTIxMmI5NGRkNDRiMmJkNjMwYjVmOTA1OTAyOWE/

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.