2014-07-11 - ANGLER EK FROM 192.154.110.237 - 41N.DEGOODYX.COM

ASSOCIATED FILES:

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

ANGLER EK:

POST-INFECTION TRAFFIC FROM MALWR.COM SANDBOX ANALYSIS:

 

PRELIMINARY MALWARE ANALYSIS

JAVA EXPLOIT:

File name:  2014-07-11-Angler-EK-java-exploit.jar
File size:  28.0 KB ( 28721 bytes )
MD5 hash:  d9905f9daf40cc3ea7c0f4cf69eeb716
Detection ratio:  17 / 53
First submission:  2014-06-20 12:38:57 UTC
VirusTotal link:  https://www.virustotal.com/en/file/959d3ff72d416c2130cfa38e036909c7eb3154f3fcd57bce9b9f1e0522999c07/analysis/

 

SILVERLIGHT EXPLOIT:

File name:  2014-07-11-Angler-EK-silverlight-exploit.xap
File size:  52.0 KB ( 53220 bytes )
MD5 hash:  70ac580aab2d6e93a0cef61e16fcdbaa
Detection ratio:  0 / 53
First submission:  2014-07-12 00:24:34 UTC
VirusTotal link:  https://www.virustotal.com/en/file/196f88d93e4fe11d19467b5d947da82ea1505637da3b5498d82942519f4e4112/analysis/

 

MALWARE PAYLOAD:

File name:  2014-07-11-Angler-EK-malware-payload.exe
File size:  128.0 KB ( 131072 bytes )
MD5 hash:  0e886370029b1b54ef2f66244852ac96
Detection ratio:  2 / 51
First submission:  2014-07-11 03:01:47 UTC
VirusTotal link:  https://www.virustotal.com/en/file/1c7f8bde68f7f24d2bdfce0a88ea1dd52aafff150776b51292a3e009a44cd8cb/analysis/
Malwr link:  https://malwr.com/analysis/MDc4ZTZmNGFmM2I1NDg2NGEyYzkyZTM3OTNjNTI2OTU/
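Before working on the samples from the associated ZIP, it is worth checking each extracted file against the size and hashes listed above; note that the SHA-256 of each file is the 64-character hex string embedded in its VirusTotal URL, so the listing gives you two hashes even though only the MD5 is printed. The Python below is an added example, not part of the original post: it parses the three listings above (copied verbatim as the input) into records, pulls the SHA-256 out of the VT link, and verifies a file's bytes against a record. The function names, the `record_for_bytes` helper and the byte strings used for the failing/passing checks are constructed for illustration.

```python
"""Parse sample listings of the form used on this page into IOC records and
verify local files against them.  Added example; LISTING is copied from the
page, everything else (function names, test bytes) is constructed."""
import hashlib
import re

# Input copied from the page's PRELIMINARY MALWARE ANALYSIS section.
LISTING = """\
JAVA EXPLOIT:

File name:  2014-07-11-Angler-EK-java-exploit.jar
File size:  28.0 KB ( 28721 bytes )
MD5 hash:  d9905f9daf40cc3ea7c0f4cf69eeb716
Detection ratio:  17 / 53
First submission:  2014-06-20 12:38:57 UTC
VirusTotal link:  https://www.virustotal.com/en/file/959d3ff72d416c2130cfa38e036909c7eb3154f3fcd57bce9b9f1e0522999c07/analysis/

SILVERLIGHT EXPLOIT:

File name:  2014-07-11-Angler-EK-silverlight-exploit.xap
File size:  52.0 KB ( 53220 bytes )
MD5 hash:  70ac580aab2d6e93a0cef61e16fcdbaa
Detection ratio:  0 / 53
First submission:  2014-07-12 00:24:34 UTC
VirusTotal link:  https://www.virustotal.com/en/file/196f88d93e4fe11d19467b5d947da82ea1505637da3b5498d82942519f4e4112/analysis/

MALWARE PAYLOAD:

File name:  2014-07-11-Angler-EK-malware-payload.exe
File size:  128.0 KB ( 131072 bytes )
MD5 hash:  0e886370029b1b54ef2f66244852ac96
Detection ratio:  2 / 51
First submission:  2014-07-11 03:01:47 UTC
VirusTotal link:  https://www.virustotal.com/en/file/1c7f8bde68f7f24d2bdfce0a88ea1dd52aafff150776b51292a3e009a44cd8cb/analysis/
"""

FIELD_RE = re.compile(r"^(File name|File size|MD5 hash|Detection ratio|VirusTotal link):\s+(.*)$")
SIZE_RE = re.compile(r"\(\s*(\d+)\s+bytes\s*\)")        # exact byte count, not the rounded KB
VT_SHA256_RE = re.compile(r"/file/([0-9a-f]{64})/")      # SHA-256 lives in the VT URL path
RATIO_RE = re.compile(r"(\d+)\s*/\s*(\d+)")


def parse_listing(text):
    """Return one dict per 'File name:' block: name, size (bytes), md5,
    sha256 (from the VirusTotal link, or None) and detections as (hits, total)."""
    records, cur = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        key, val = m.groups()
        if key == "File name":
            cur = {"name": val.strip(), "sha256": None}
            records.append(cur)
        elif cur is None:
            continue                                     # field before any file name: ignore
        elif key == "File size":
            cur["size"] = int(SIZE_RE.search(val).group(1))
        elif key == "MD5 hash":
            cur["md5"] = val.strip().lower()
        elif key == "Detection ratio":
            hits, total = RATIO_RE.search(val).groups()
            cur["detections"] = (int(hits), int(total))
        elif key == "VirusTotal link":
            sha = VT_SHA256_RE.search(val)
            cur["sha256"] = sha.group(1) if sha else None
    return records


def verify_sample(data, record):
    """Compare a file's bytes to a record.  Returns a list of mismatch strings
    (empty list means the file matches).  Size is checked first because it is
    the cheapest way to catch a truncated or wrongly extracted download."""
    problems = []
    if len(data) != record["size"]:
        problems.append("size %d != %d" % (len(data), record["size"]))
    if hashlib.md5(data).hexdigest() != record["md5"]:
        problems.append("md5 mismatch")
    if record.get("sha256") and hashlib.sha256(data).hexdigest() != record["sha256"]:
        problems.append("sha256 mismatch")
    return problems


def record_for_bytes(name, data, detections=(0, 0)):
    """Constructed helper: build a record from bytes you already trust, e.g. a
    sample you carved from the pcap yourself, so later copies can be checked."""
    return {"name": name, "size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(),
            "detections": detections}


if __name__ == "__main__":
    for rec in parse_listing(LISTING):
        hits, total = rec["detections"]
        print("%-46s %7d bytes  md5=%s  VT %d/%d"
              % (rec["name"], rec["size"], rec["md5"], hits, total))
```

Run it as a script to see the three records; in practice you would call `verify_sample(open(path, "rb").read(), rec)` on each file pulled from the ZIP and refuse to proceed on any non-empty result. The detection ratios parsed alongside are a reminder that a clean VirusTotal score (0/53 for the Silverlight exploit here) says nothing about whether the file is malicious.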

 

SNORT EVENTS

Sourcefire VRT ruleset from Snort 2.9.6.0 running on Ubuntu 14.04 LTS:

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
