2015-01-23 - WINDIGO GROUP NUCLEAR EK FROM 188.40.64.218 - N1HXFTESFM3N4333AH61XNF.AJANSHIZMETI.COM

ASSOCIATED FILES:

 

NOTES:

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

CUSHION REDIRECT:

 

NUCLEAR EK:

 

PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT:

File name:  2015-01-23-Windigo-group-Nuclear-EK-flash-exploit.swf
File size:  23.0 KB ( 23595 bytes )
MD5 hash:  3c89d96da3872d873e146d6ef813e39d
Detection ratio:  2 / 57
First submission:  2015-01-19 18:42:46 UTC
VirusTotal link:  https://www.virustotal.com/en/file/97e4044a12e7abc3433f4349a1e33277082b6020438726b92bf00afa1501afdf/analysis/

 

SILVERLIGHT EXPLOIT:

File name:  2015-01-23-Windigo-group-Nuclear-EK-silverlight-exploit.xap
File size:  17.4 KB ( 17841 bytes )
MD5 hash:  db4e34961e2e6aa7853aa0c9a1d6b626
Detection ratio:  0 / 57
First submission:  2015-01-23 21:10:41 UTC
VirusTotal link:  https://www.virustotal.com/en/file/a81f23a1013fb2c9207de36195a41cace3b5874e8d8eff1c5129f0a1ec77b684/analysis/

 

MALWARE PAYLOAD:

File name:  2015-01-23-Windigo-group-Nuclear-EK-malware-payload.exe
File size:  128.1 KB ( 131206 bytes )
MD5 hash:  eb793dda85eb6783b4f1a413233c91f2
Detection ratio:  5 / 56
First submission:  2015-01-23 21:10:17 UTC
VirusTotal link:  https://www.virustotal.com/en/file/bf431a5c7ebe77009288eafd6b356f92cb6f70a58a24d737cb0be422e8f369b0/analysis/
Malwr link:  https://malwr.com/analysis/ZDdhOWJjNjlhYzA0NGU2MGE2MjczM2RlZGIwNWZhNGI/

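The three entries above give each artifact's size and MD5 directly, and the 64-hex segment of each VirusTotal URL is the file's SHA256. The following is an added example, not code from the original post: it parses those entries and verifies files carved from the pcap (or unpacked from the ZIP) against all three values, so a mismatch in size, MD5 or SHA256 is reported per file. The script name `check_artifacts.py` and the directory argument are assumptions; the embedded entry text is a copy of the listing above.

```python
# Added example (not from the original post): parse the file entries listed
# above and verify artifacts extracted from the pcap against them.  The SHA256
# values come from the VirusTotal URLs, which embed the file's SHA256.
import hashlib
import os
import re

# Copy of the three entries from the "PRELIMINARY MALWARE ANALYSIS" section;
# any block in this "Key:  value" layout parses the same way.
ENTRIES_TEXT = """
File name:  2015-01-23-Windigo-group-Nuclear-EK-flash-exploit.swf
File size:  23.0 KB ( 23595 bytes )
MD5 hash:  3c89d96da3872d873e146d6ef813e39d
VirusTotal link:  https://www.virustotal.com/en/file/97e4044a12e7abc3433f4349a1e33277082b6020438726b92bf00afa1501afdf/analysis/

File name:  2015-01-23-Windigo-group-Nuclear-EK-silverlight-exploit.xap
File size:  17.4 KB ( 17841 bytes )
MD5 hash:  db4e34961e2e6aa7853aa0c9a1d6b626
VirusTotal link:  https://www.virustotal.com/en/file/a81f23a1013fb2c9207de36195a41cace3b5874e8d8eff1c5129f0a1ec77b684/analysis/

File name:  2015-01-23-Windigo-group-Nuclear-EK-malware-payload.exe
File size:  128.1 KB ( 131206 bytes )
MD5 hash:  eb793dda85eb6783b4f1a413233c91f2
VirusTotal link:  https://www.virustotal.com/en/file/bf431a5c7ebe77009288eafd6b356f92cb6f70a58a24d737cb0be422e8f369b0/analysis/
"""

FIELD_RE = re.compile(r"^(File name|File size|MD5 hash|VirusTotal link):\s+(.+?)\s*$", re.M)
SIZE_RE = re.compile(r"\(\s*(\d+)\s+bytes\s*\)")
VT_RE = re.compile(r"virustotal\.com/en/file/([0-9a-fA-F]{64})/")


def parse_entries(text):
    """Return one dict per 'File name:' block with keys name, size, md5, sha256."""
    entries = []
    for key, value in FIELD_RE.findall(text):
        if key == "File name":
            entries.append({"name": value})
            continue
        if not entries:
            raise ValueError("field %r appears before any 'File name:' line" % key)
        cur = entries[-1]
        if key == "File size":
            cur["size"] = int(SIZE_RE.search(value).group(1))   # exact byte count, not the KB figure
        elif key == "MD5 hash":
            cur["md5"] = value.lower()
        elif key == "VirusTotal link":
            cur["sha256"] = VT_RE.search(value).group(1).lower()
    return entries


def entry_for_bytes(name, data):
    """Build a reference entry from file contents (useful for recording a new artifact)."""
    return {"name": name, "size": len(data),
            "md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def check_bytes(data, entry):
    """Compare contents against an entry; return a list of mismatch strings (empty means match)."""
    problems = []
    if len(data) != entry["size"]:
        problems.append("size %d != %d" % (len(data), entry["size"]))
    md5 = hashlib.md5(data).hexdigest()
    if md5 != entry["md5"]:
        problems.append("md5 %s != %s" % (md5, entry["md5"]))
    sha256 = hashlib.sha256(data).hexdigest()
    if sha256 != entry["sha256"]:
        problems.append("sha256 %s != %s" % (sha256, entry["sha256"]))
    return problems


def verify_directory(directory, entries):
    """Check every listed file under `directory`; a missing file counts as one problem."""
    results = {}
    for entry in entries:
        path = os.path.join(directory, entry["name"])
        if not os.path.isfile(path):
            results[entry["name"]] = ["missing"]
            continue
        with open(path, "rb") as fh:
            results[entry["name"]] = check_bytes(fh.read(), entry)
    return results


if __name__ == "__main__":
    import sys
    # Assumed usage: python check_artifacts.py <directory holding the extracted files>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for name, problems in verify_directory(target, parse_entries(ENTRIES_TEXT)).items():
        print(name, "OK" if not problems else "; ".join(problems))
```

Checking all three values rather than MD5 alone matters here: the MD5 is what the post lists, but the SHA256 from the VirusTotal URL is the identifier you would use to look the sample up or share it, and a file that matches one but not the other has been mislabeled somewhere along the way.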
 

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.
