2014-11-15 - ANGLER EK FROM 5.196.189.147 - VERSPEISGRAVEER.CATMITZVAH.COM

ASSOCIATED FILES:

INFECTION TRAFFIC

COMPROMISED WEBSITE AND REDIRECT:

ANGLER EK:

POST-INFECTION TRAFFIC:

SNORT EVENTS

ET & ET PRO SIGNATURE HITS FROM SGUIL ON SECURITY ONION:

SOURCEFIRE VRT SIGNATURE HITS FROM SNORT 2.9.6.2:

PRELIMINARY MALWARE ANALYSIS

MALWARE FROM THE EXPLOIT KIT:

DROPPED FILES:

REGISTRY KEY CREATED FROM THE INFECTED VM:

Location:  HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\
Value name:  RumyUficj
Value data:  regsvr32.exe "C:\ProgramData\RumyUficj\RumyUficj.dat"

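The persistence above is a Run key that launches regsvr32.exe against a ".dat" file under C:\ProgramData, which is a pattern worth checking for on other hosts. The following is an added triage script, not part of this page or of any analysis tool mentioned here: it parses a `reg export`-style dump of the Run key and flags entries where regsvr32.exe or rundll32.exe loads a payload from a user-writable directory or with a non-DLL extension. The sample registry export is constructed for the example (the RumyUficj entry mirrors the value reported above; the other two entries are made-up benign contrasts), and the loader/directory/extension lists are the example's own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample: a `reg export` style dump of the HKCU Run key, built for this
# example. "RumyUficj" mirrors the value reported on this page; the other two values
# are invented benign entries (one plain .exe, one regsvr32 of a vendor DLL).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="\"C:\\Users\\analyst\\AppData\\Local\\Microsoft\\OneDrive\\OneDrive.exe\" /background"
"VendorCOM"="regsvr32.exe /s \"C:\\Program Files\\Common Files\\Vendor\\vendor.dll\""
"RumyUficj"="regsvr32.exe \"C:\\ProgramData\\RumyUficj\\RumyUficj.dat\""
'''

# Assumed lists for this example: living-off-the-land loaders that are unusual in a
# Run key, directories a standard user can write to, and extensions regsvr32/rundll32
# normally load.
LOADER_BINARIES = {"regsvr32.exe", "regsvr32", "rundll32.exe", "rundll32"}
USER_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")
EXPECTED_DLL_EXTENSIONS = {".dll", ".ocx", ".ax"}

_KEY_LINE = re.compile(r'^\[(.+)\]\s*$')
# "Name"="data" with .reg escaping (\\ for a backslash, \" for a quote inside data)
_VALUE_LINE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')


def _unescape(s):
    """Undo .reg file escaping: \\x -> x for any escaped character."""
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Yield (key_path, value_name, value_data) for every string value in a .reg dump."""
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = _KEY_LINE.match(line)
        if m:
            current_key = m.group(1)
            continue
        m = _VALUE_LINE.match(line)
        if m and current_key:
            yield current_key, _unescape(m.group(1)), _unescape(m.group(2))


def _tokens(command):
    """Split a Windows command line into tokens, honouring double quotes."""
    return [q or u for q, u in re.findall(r'"([^"]*)"|(\S+)', command)]


@dataclass
class Finding:
    value_name: str
    command: str
    reasons: list


def assess_run_entry(value_name, command):
    """Return a Finding if the Run entry uses a LOLBin loader in a suspicious way, else None."""
    toks = _tokens(command)
    if not toks:
        return None
    loader = toks[0].rsplit("\\", 1)[-1].lower()
    if loader not in LOADER_BINARIES:
        return None
    # First argument that is not a switch (e.g. regsvr32 /s) is the loaded payload.
    payloads = [t for t in toks[1:] if not t.startswith("/")]
    if not payloads:
        return None
    low = payloads[0].lower()
    base = low.rsplit("\\", 1)[-1]
    ext = "." + base.rsplit(".", 1)[-1] if "." in base else ""
    reasons = []
    if any(d in low for d in USER_WRITABLE_DIRS):
        reasons.append("payload lives in a user-writable directory")
    if ext not in EXPECTED_DLL_EXTENSIONS:
        reasons.append(f"payload extension {ext or '(none)'} is not a normal COM/DLL extension")
    if not reasons:
        return None  # regsvr32 of a vendor DLL under Program Files is not flagged
    return Finding(value_name, command, [f"{loader} used as a loader from a Run key"] + reasons)


def scan_run_keys(reg_text):
    """Scan all Run/RunOnce values in a .reg dump and return the suspicious ones."""
    findings = []
    for key, name, data in parse_reg_export(reg_text):
        if not key.lower().endswith(("\\currentversion\\run", "\\currentversion\\runonce")):
            continue
        finding = assess_run_entry(name, data)
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_run_keys(SAMPLE_REG_EXPORT):
        print(f"[!] {f.value_name}: {f.command}")
        for r in f.reasons:
            print(f"    - {r}")
```

On a live host the same input comes from `reg export "HKCU\Software\Microsoft\Windows\CurrentVersion\Run" run.reg /y` (repeat for HKLM and RunOnce); feed the file's text to `scan_run_keys`. The check deliberately does not flag every regsvr32 entry, only those that combine the loader with a user-writable path or an odd extension, which is what separates the RumyUficj value from a signed vendor DLL under Program Files.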

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
