2014-07-30 - FLASHPACK EK FROM 85.159.214.181

ASSOCIATED FILES:


NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:


WEBSITE AND REDIRECT CHAIN:


FLASHPACK EK:

NOTE:  Items marked [!] show where the same malware payload was delivered three different times.


POST-INFECTION TRAFFIC:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOITS:

File name:  2014-07-30-FlashPack-EK-flash-file-01.swf
File size:  8.2 KB ( 8441 bytes )
MD5 hash:  9866d0a1b2d0f205360527d946c77bf9
Detection ratio:  2 / 53
First submission:  2014-07-24 15:55:47 UTC
VirusTotal link:  https://www.virustotal.com/en/file/77d1f577a4cd5ab0d18d8bfc17d68a8675dc64b00f0096029458c67cade81038/analysis/

File name:  2014-07-30-FlashPack-EK-flash-file-02.swf
File size:  30.8 KB ( 31523 bytes )
MD5 hash:  e36b70bb2c75567c4b4b0e2f4cc362ad
Detection ratio:  0 / 54
First submission:  2014-07-24 23:13:09 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8acd5e17b2590cbf06d32f25bbf05cb5198d90625ab44b55c5225b1d576033ef/analysis/

File name:  2014-07-30-FlashPack-EK-flash-file-03.swf
File size:  12.3 KB ( 12591 bytes )
MD5 hash:  2ee1220d578db6b95f8824f0cb03307e
Detection ratio:  0 / 54
First submission:  2014-07-30 15:16:13 UTC
VirusTotal link:  https://www.virustotal.com/en/file/07cccaec080423f9241756bd973cb1b68ee594d8039187dd49c41a86ae44d38d/analysis/


JAVA EXPLOIT:

File name:  2014-07-30-FlashPack-EK-java-exploit.jar
File size:  30.6 KB ( 31350 bytes )
MD5 hash:  a18e120035dcf62892f3f8f722a928e2
Detection ratio:  11 / 54
First submission:  2014-07-29 23:35:47 UTC
VirusTotal link:  https://www.virustotal.com/en/file/1a45e43d99dcca04191f5c286ec51993fe1e92a6d3363ae49e685968641118e5/analysis/


MALWARE PAYLOAD:

File name:  2014-07-30-FlashPack-EK-malware-payload.exe
File size:  79.1 KB ( 81036 bytes )
MD5 hash:  7ffe399a1643ab5a1b149cc4b9569d60
Detection ratio:  8 / 54
First submission:  2014-07-30 20:48:17 UTC
VirusTotal link:  https://www.virustotal.com/en/file/1fb60e18b73fa3a241afee850f5f0fb3bcde19dfa27f0a2467cfbae5f80459ad/analysis/


SNORT EVENTS

Emerging Threats and ETPRO rulesets from Sguil on Security Onion:

Sourcefire VRT ruleset from Snort 2.9.6.0 on Ubuntu 14.04 LTS:


CHAIN OF EVENTS FROM THE ORIGINAL WEBSITE TO FLASHPACK EK
FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.