2014-08-08 - FLASHPACK EK FROM 77.78.104.96 - 6MUY8SQJBPWDYU1W15V11FW.CASAECLECTICA.COM.MX

ASSOCIATED FILES:

NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:

FLASHPACK EK:

POST-INFECTION REDIRECT TO ADULTFRIENDFINDER.COM:


POST-INFECTION TRAFFIC FROM GLUPTEBA MALWARE:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOITS

File name:  2014-08-08-FlashPack-EK-flash-exploit-01.swf
File size:  8.2 KB ( 8441 bytes )
MD5 hash:  9866d0a1b2d0f205360527d946c77bf9
Detection ratio:  15 / 54
First submission:  2014-07-24 15:55:47 UTC
VirusTotal link:  https://www.virustotal.com/en/file/77d1f577a4cd5ab0d18d8bfc17d68a8675dc64b00f0096029458c67cade81038/analysis/


File name:  2014-08-08-FlashPack-EK-flash-exploit-02.swf
File size:  30.8 KB ( 31523 bytes )
MD5 hash:  e36b70bb2c75567c4b4b0e2f4cc362ad
Detection ratio:  13 / 54
First submission:  2014-07-24 23:13:09 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8acd5e17b2590cbf06d32f25bbf05cb5198d90625ab44b55c5225b1d576033ef/analysis/


File name:  2014-08-08-FlashPack-EK-flash-exploit-03.swf
File size:  12.3 KB ( 12591 bytes )
MD5 hash:  2ee1220d578db6b95f8824f0cb03307e
Detection ratio:  13 / 54
First submission:  2014-07-30 15:16:13 UTC
VirusTotal link:  https://www.virustotal.com/en/file/07cccaec080423f9241756bd973cb1b68ee594d8039187dd49c41a86ae44d38d/analysis/


MALWARE PAYLOAD

File name:  2014-08-08-FlashPack-EK-malware-payload.exe
File size:  78.8 KB ( 80648 bytes )
MD5 hash:  1f28d45f67c10ca73651cc88c5e7a872
Detection ratio:  7 / 54
First submission:  2014-08-08 15:21:48 UTC
VirusTotal link:  https://www.virustotal.com/en/file/4600396a62bd5f439e3ab6874943ed9f72371b6d01dbe45de3f7000a85b2e03b/analysis/
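A check worth doing before opening any of the samples above: the MD5, byte count and the SHA256 embedded in the VirusTotal URL are the only identifiers this post gives, so anything pulled out of the password-protected ZIP should be verified against all three. Note also that the first-submission dates put the three SWF exploits on VirusTotal one to two weeks before this 2014-08-08 capture, while the payload EXE was first seen the same day. The script below is an added example, not part of the original post: it parses records in the "File name / File size / MD5 hash / VirusTotal link" layout used here, pulls the SHA256 out of the VirusTotal link, flags samples VirusTotal had already seen before the capture date, and checks files on disk. The LISTING text contains two of the records from this page verbatim; the directory path and any file bytes passed to verify_sample() are the caller's (the test feeds it constructed bytes, not the real samples).

```python
"""Parse sample listings of the form used on this page and verify files against them.

Added example (not the page's own code). LISTING reproduces two of the page's
records; the directory and bytes handed to the verify functions are caller-supplied.
"""
import hashlib
import os
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List

# Two records copied from the post; the other two SWF records parse identically.
LISTING = """\
File name:  2014-08-08-FlashPack-EK-flash-exploit-01.swf
File size:  8.2 KB ( 8441 bytes )
MD5 hash:  9866d0a1b2d0f205360527d946c77bf9
Detection ratio:  15 / 54
First submission:  2014-07-24 15:55:47 UTC
VirusTotal link:  https://www.virustotal.com/en/file/77d1f577a4cd5ab0d18d8bfc17d68a8675dc64b00f0096029458c67cade81038/analysis/

File name:  2014-08-08-FlashPack-EK-malware-payload.exe
File size:  78.8 KB ( 80648 bytes )
MD5 hash:  1f28d45f67c10ca73651cc88c5e7a872
Detection ratio:  7 / 54
First submission:  2014-08-08 15:21:48 UTC
VirusTotal link:  https://www.virustotal.com/en/file/4600396a62bd5f439e3ab6874943ed9f72371b6d01dbe45de3f7000a85b2e03b/analysis/
"""


@dataclass
class Sample:
    name: str
    size: int            # exact byte count from the "( N bytes )" part
    md5: str
    sha256: str          # taken from the VirusTotal URL, the only SHA256 on the page
    detections: int
    engines: int
    first_submission: str


FIELD_RE = re.compile(r"^(?P<key>[A-Za-z0-9 ]+):\s+(?P<val>.+?)\s*$")
SIZE_RE = re.compile(r"\(\s*(\d+)\s*bytes\s*\)")
VT_RE = re.compile(r"virustotal\.com/[^/]+/file/([0-9a-f]{64})/")
RATIO_RE = re.compile(r"(\d+)\s*/\s*(\d+)")


def parse_listing(text: str) -> List[Sample]:
    """Split the listing on blank lines and turn each record into a Sample."""
    samples: List[Sample] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields: Dict[str, str] = {}
        for line in block.splitlines():
            m = FIELD_RE.match(line)
            if m:
                fields[m.group("key").strip().lower()] = m.group("val")
        size_m = SIZE_RE.search(fields.get("file size", ""))
        vt_m = VT_RE.search(fields.get("virustotal link", ""))
        ratio_m = RATIO_RE.search(fields.get("detection ratio", ""))
        if not (size_m and vt_m and ratio_m):
            raise ValueError(f"malformed record: {fields.get('file name')!r}")
        samples.append(Sample(
            name=fields["file name"],
            size=int(size_m.group(1)),
            md5=fields["md5 hash"].lower(),
            sha256=vt_m.group(1),
            detections=int(ratio_m.group(1)),
            engines=int(ratio_m.group(2)),
            first_submission=fields["first submission"],
        ))
    return samples


def submitted_before_capture(sample: Sample) -> bool:
    """True if VirusTotal saw this hash before the YYYY-MM-DD date in the file name."""
    capture = datetime.strptime(sample.name[:10], "%Y-%m-%d").date()
    first = datetime.strptime(sample.first_submission, "%Y-%m-%d %H:%M:%S UTC").date()
    return first < capture


def hash_bytes(data: bytes) -> Dict[str, str]:
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def verify_sample(sample: Sample, data: bytes) -> List[str]:
    """Return the list of mismatches; an empty list means size, MD5 and SHA256 all match."""
    problems: List[str] = []
    if len(data) != sample.size:
        problems.append(f"size {len(data)} != {sample.size}")
    h = hash_bytes(data)
    if h["md5"] != sample.md5:
        problems.append("md5 mismatch")
    if h["sha256"] != sample.sha256:
        problems.append("sha256 mismatch")
    return problems


def verify_directory(samples: List[Sample], directory: str) -> Dict[str, List[str]]:
    """Check every listed sample against the file of the same name in `directory`."""
    results: Dict[str, List[str]] = {}
    for s in samples:
        path = os.path.join(directory, s.name)
        if not os.path.isfile(path):
            results[s.name] = ["missing"]
            continue
        with open(path, "rb") as f:
            results[s.name] = verify_sample(s, f.read())
    return results


if __name__ == "__main__":
    import sys
    # Usage: python verify_samples.py <directory the ZIP was extracted into>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for s in parse_listing(LISTING):
        print(f"{s.name}: VT first saw it before capture: {submitted_before_capture(s)}")
    for name, problems in verify_directory(parse_listing(LISTING), target).items():
        print(f"{name}: {'OK' if not problems else ', '.join(problems)}")
```

Run it from the directory the ZIP was extracted into; a non-empty problem list means the file is not the one the post describes (truncated download, wrong archive member, or a re-packed sample), and "missing" means the name on disk differs from the listing.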


SNORT EVENTS

Emerging Threats and ETPRO rulesets from Sguil on Security Onion (not including ET INFO or ET POLICY rules):

Sourcefire VRT ruleset from Snort 2.9.6.0 on Ubuntu 14.04 LTS:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
