2014-08-01 - MAGNITUDE EK - 193.169.245.148 - E504.01C4.A8022.1C.190.ED2E62B.575.808F.HYIXOANGCQH.CASSETTETERMS.EU

ASSOCIATED FILES:

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

MAGNITUDE EK:

 

SNORT EVENTS FOR THE INITIAL INFECTION

Emerging Threats and ETPRO rulesets from Sguil on Security Onion (without ET POLICY or ET INFO events):

Sourcefire VRT ruleset from Snort 2.9.6.2 on Ubuntu 14.04 LTS:

 

MALWARE PAYLOAD 1 OF 4

File name:  2014-08-01-Magnitude-EK-malware-payload-1-of-4.exe
File size:  306.8 KB ( 314190 bytes )
MD5 hash:  b0ab691fb2fb6ae4c4f34d0f580bfc0a
Detection ratio:  1 / 54
First submission:  2014-08-01 22:12:08 UTC
VirusTotal link:  https://www.virustotal.com/en/file/fc6eeed81fb9f20b9306481b28b2ee84cb80df8b3b462c2e416ee08c48454e71/analysis/

 

TRAFFIC (2014-08-01-Magnitude-EK-malware-payload-sandbox-analysis-1-of-4.pcap):

 

SNORT EVENTS:

 

MALWARE PAYLOAD 2 OF 4

File name:  2014-08-01-Magnitude-EK-malware-payload-2-of-4.exe
File size:  96.0 KB ( 98304 bytes )
MD5 hash:  cbcd09fac316689b2a92bf48e3f6ea60
Detection ratio:  2 / 54
First submission:  2014-08-01 22:12:24 UTC
VirusTotal link:  https://www.virustotal.com/en/file/62de688d5e72799f5cfd607a25a25ffa1010fd8fb4dd8791f54b683d691c0bb1/analysis/

 

TRAFFIC (2014-08-01-Magnitude-EK-malware-payload-sandbox-analysis-2-of-4.pcap):

 

SNORT EVENTS:

 

MALWARE PAYLOAD 3 OF 4

File name:  2014-08-01-Magnitude-EK-malware-payload-3-of-4.exe
File size:  116.0 KB ( 118784 bytes )
MD5 hash:  f4a6b0fc34772505c2a0f0a510d2e220
Detection ratio:  3 / 54
First submission:  2014-08-01 22:12:42 UTC
VirusTotal link:  https://www.virustotal.com/en/file/e5d5942f3ffac23b091605a6cf646e954e593890ccf86ec013f17d909e476c29/analysis/

 

TRAFFIC (2014-08-01-Magnitude-EK-malware-payload-sandbox-analysis-3-of-4.pcap):

 

SNORT EVENTS:

 

MALWARE PAYLOAD 4 OF 4

File name:  2014-08-01-Magnitude-EK-malware-payload-4-of-4.exe
File size:  95.5 KB ( 97792 bytes )
MD5 hash:  1c3b3e3640545fe6fc7c056d3369d010
Detection ratio:  2 / 54
First submission:  2014-08-01 22:13:02 UTC
VirusTotal link:  https://www.virustotal.com/en/file/2d43fd5ede9afa8c0b8ca14e8661a3d6f4c3e05b91ddfd76bda5a3c4561c7f6b/analysis/

 

TRAFFIC (2014-08-01-Magnitude-EK-malware-payload-sandbox-analysis-4-of-4.pcap):

 

SNORT EVENTS:

 

OTHER MALWARE

FLASH EXPLOIT:

File name:  2014-08-01-Magnitude-EK-flash-exploit.swf
File size:  14.1 KB ( 14402 bytes )
MD5 hash:  f4083282b1e9f9ec018d12d051a475d5
Detection ratio:  0 / 53
First submission:  2014-08-01 22:19:28 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8e9cf3a24e7245eb792e1dcf178ee61efbe307537d7009f1a7def9976e0582d4/analysis/

 

FOLLOW-UP MALWARE DOWNLOADED BY PAYLOAD 2 OF 4:

File name:  UpdateFlashPlayer_15eec67e.exe
File size:  148.0 KB ( 151552 bytes )
MD5 hash:  aa5c791b33cf2a330c27e0253808cd7f
Detection ratio:  9 / 54
First submission:  2014-08-01 23:44:11 UTC
VirusTotal link:  https://www.virustotal.com/en/file/898820f0375cb464b4abc28ef73aec24c343aa95790ca61563e51ffd60acb9f5/analysis/
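The six file listings above share one layout (file name, size, MD5, detection ratio, VirusTotal link), and the VirusTotal link carries the sample's SHA-256 in its path, so each listing actually gives two digests plus an exact byte count. The script below, an added example and not code from the original post, parses that layout into indicator records and checks files on disk against them. The sample text is copied from three of the listings on this page; the names parse_iocs(), Ioc, hash_file(), match_digests() and match_file() are this example's own.

```python
"""Turn the file listings on this page into structured IOCs and match
files against them.

Added example; not code from the original malware-traffic-analysis.net post.
INDICATOR_TEXT is copied from the listings above. parse_iocs(), Ioc,
hash_file(), match_digests() and match_file() are this example's own names."""
import hashlib
import os
import re
from dataclasses import dataclass

# Constructed sample input: three of the indicator blocks listed on this page,
# in the page's own "Field:  value" layout.
INDICATOR_TEXT = """
File name:  2014-08-01-Magnitude-EK-malware-payload-1-of-4.exe
File size:  306.8 KB ( 314190 bytes )
MD5 hash:  b0ab691fb2fb6ae4c4f34d0f580bfc0a
Detection ratio:  1 / 54
VirusTotal link:  https://www.virustotal.com/en/file/fc6eeed81fb9f20b9306481b28b2ee84cb80df8b3b462c2e416ee08c48454e71/analysis/

File name:  2014-08-01-Magnitude-EK-flash-exploit.swf
File size:  14.1 KB ( 14402 bytes )
MD5 hash:  f4083282b1e9f9ec018d12d051a475d5
Detection ratio:  0 / 53
VirusTotal link:  https://www.virustotal.com/en/file/8e9cf3a24e7245eb792e1dcf178ee61efbe307537d7009f1a7def9976e0582d4/analysis/

File name:  UpdateFlashPlayer_15eec67e.exe
File size:  148.0 KB ( 151552 bytes )
MD5 hash:  aa5c791b33cf2a330c27e0253808cd7f
Detection ratio:  9 / 54
VirusTotal link:  https://www.virustotal.com/en/file/898820f0375cb464b4abc28ef73aec24c343aa95790ca61563e51ffd60acb9f5/analysis/
"""


@dataclass(frozen=True)
class Ioc:
    name: str
    size: int        # exact byte count from the "( N bytes )" part
    md5: str
    sha256: str      # taken from the VirusTotal link, which is keyed by SHA-256
    detections: int
    engines: int


FIELD_RE = re.compile(r"^(File name|File size|MD5 hash|Detection ratio|VirusTotal link):\s*(.+?)\s*$")
SIZE_RE = re.compile(r"\(\s*(\d+)\s*bytes\s*\)")
VT_SHA256_RE = re.compile(r"/file/([0-9a-fA-F]{64})/")
RATIO_RE = re.compile(r"(\d+)\s*/\s*(\d+)")


def _build(fields):
    ratio = RATIO_RE.search(fields["Detection ratio"])
    return Ioc(
        name=fields["File name"],
        size=int(SIZE_RE.search(fields["File size"]).group(1)),
        md5=fields["MD5 hash"].lower(),
        sha256=VT_SHA256_RE.search(fields["VirusTotal link"]).group(1).lower(),
        detections=int(ratio.group(1)),
        engines=int(ratio.group(2)),
    )


def parse_iocs(text):
    """Parse consecutive 'File name: / File size: / MD5 hash: / ...' blocks.
    A new 'File name:' line starts the next record; other lines are ignored."""
    iocs, fields = [], {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        key, value = m.groups()
        if key == "File name" and fields:
            iocs.append(_build(fields))
            fields = {}
        fields[key] = value
    if fields:
        iocs.append(_build(fields))
    return iocs


def match_digests(md5, sha256, size, iocs):
    """Return the IOC whose size, MD5 and SHA-256 all agree, else None.
    Requiring both digests means a listing with a mistyped MD5 or a wrong
    VirusTotal link cannot produce a match on one hash alone."""
    md5, sha256 = md5.lower(), sha256.lower()
    for ioc in iocs:
        if ioc.size == size and ioc.md5 == md5 and ioc.sha256 == sha256:
            return ioc
    return None


def hash_file(path):
    """Stream a file through MD5 and SHA-256 in one pass; returns (md5, sha256)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def match_file(path, iocs):
    """Check a file on disk: size first (a miss costs no hashing), then digests."""
    size = os.path.getsize(path)
    if not any(ioc.size == size for ioc in iocs):
        return None
    md5, sha256 = hash_file(path)
    return match_digests(md5, sha256, size, iocs)


if __name__ == "__main__":
    import sys
    iocs = parse_iocs(INDICATOR_TEXT)
    for path in sys.argv[1:]:
        hit = match_file(path, iocs)
        print(f"{path}: {'MATCH ' + hit.name if hit else 'no match'}")
```

Run it as `python iocs.py <extracted files>` after unzipping the samples; a file has to agree on size and on both digests before it is reported, so a hash transcribed wrongly from the page fails closed instead of producing a confident but wrong attribution. Paste the remaining listings from the page into INDICATOR_TEXT to cover all six files.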

 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
