2014-07-15 - MAGNITUDE EK FROM 5.133.179.166 - 241020.2DBA.6D01312.011.A85.6B4.D4.DF92.CFTBMXJLI.FOLKSBUILT.IN

ASSOCIATED FILES:

NOTES:

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

REDIRECT:

MAGNITUDE EK:

POST-INFECTION TRAFFIC:

PRELIMINARY MALWARE ANALYSIS

MALWARE PAYLOAD 1 OF 4:

File name: 2014-07-15-Magnitude-EK-malware-payload-1-of-4.exe
File size: 290.5 KB (297492 bytes)
MD5 hash: 0e7fcd6595c444f6a829d4763516741f
Detection ratio: 7 / 53
First submission: 2014-07-15 23:33:45 UTC
VirusTotal link: https://www.virustotal.com/en/file/28afa062eb5466531d804fdeb249c28cf7992f983c90fb6b9b60d6171a53648b/analysis/
Malwr link: https://malwr.com/analysis/OGE5MmVmMGNkODE0NDY5NDg3MWFiODFjZDY2NzA5ZTc/

MALWARE PAYLOAD 2 OF 4:

File name: 2014-07-15-Magnitude-EK-malware-payload-2-of-4.exe
File size: 92.0 KB (94216 bytes)
MD5 hash: 8beb666c0c45f74875a3f5882ec957cd
Detection ratio: 4 / 54
First submission: 2014-07-15 23:35:49 UTC
VirusTotal link: https://www.virustotal.com/en/file/cdec45ec8e20bcb710b7971a0e95a8c9fffbb1775fe7e3e9a3e4d847d2c5d08f/analysis/
Malwr link: https://malwr.com/analysis/NjdiYTQzNzk1YTBkNGJlN2E3NzJlMzQ2Zjk5OTA0Y2U/

MALWARE PAYLOAD 3 OF 4:

File name: 2014-07-15-Magnitude-EK-malware-payload-3-of-4.exe
File size: 108.0 KB (110592 bytes)
MD5 hash: 33aedc85d46d28321bded7ea27c01f62
Detection ratio: 3 / 54
First submission: 2014-07-15 23:36:51 UTC
VirusTotal link: https://www.virustotal.com/en/file/9d680a28111322cc35e170335c088c826e3dd13f2883f5c57f233dc00303d1f0/analysis/
Malwr link: https://malwr.com/analysis/YjY0OTkzZGIwNTkxNDRmMjk5NzZkY2YwYzY5MGUxMDc/

MALWARE PAYLOAD 4 OF 4:

File name: 2014-07-15-Magnitude-EK-malware-payload-4-of-4.exe
File size: 420.0 KB (430080 bytes)
MD5 hash: 95e0f12750a0629fd00551def17207ed
Detection ratio: 5 / 54
First submission: 2014-07-15 23:38:09 UTC
VirusTotal link: https://www.virustotal.com/en/file/3e99add247b060c795512783803c6698b5490bef7c883d7e39ab0223152ae253/analysis/
Malwr link: https://malwr.com/analysis/YzZjOWMzMGM3ZmMyNGU4ZDhiMTQ2OTFkNzU4ZmNlODk/

FOLLOW-UP MALWARE:

File name: UpdateFlashPlayer_dca93f91.exe
File size: 168.0 KB (172032 bytes)
MD5 hash: e57ea8653156a1b16414c57378546418
Detection ratio: 4 / 54
First submission: 2014-07-16 01:00:07 UTC
VirusTotal link: https://www.virustotal.com/en/file/666bd304a5c637c74a30a13d466ee7df7142cc70bd3eeca80a66abd9858b1a14/analysis/
Malwr link: https://malwr.com/analysis/Mzk1YzY3MDcxNjJiNDQ0ZTgwYjhkNmUyZDVmZGZlYWY/

SNORT EVENTS

Emerging Threats and ETPRO rulesets from Sguil on Security Onion:

Sourcefire VRT ruleset from Snort 2.9.6.0 on Ubuntu 14.04 LTS:

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
