2015-01-30 - ANGLER EK FROM 178.32.131.248 - 6JD5C9.CKK.CREACIONESLITERARIAS-KIRK.COM

ASSOCIATED FILES:

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

ANGLER EK:

SNORT EVENTS

Signature hits from the Emerging Threats and ETPRO rulesets using Sguil on Security Onion (without ET POLICY or ET INFO events):

Significant signature hits from the Talos (Sourcefire VRT) ruleset using Snort 2.9.7.0 on Debian 7:

PRELIMINARY MALWARE ANALYSIS

SILVERLIGHT EXPLOIT:

File name:  2015-01-30-Angler-EK-silverlight-exploit.xap
File size:  45.4 KB ( 46525 bytes )
MD5 hash:  8581593f5a5bccd27540eec5747c7259
Detection ratio:  0 / 57
First submission:  2015-01-30 19:58:52 UTC
VirusTotal link:  https://www.virustotal.com/en/file/ca0cd15e28620dcb1b2fb5d29fb6daaa88346d8775139607bd9d2f583415e7b8/analysis/

MALWARE PAYLOAD:

File name:  2015-01-30-Angler-EK-malware-payload.exe
File size:  432.0 KB ( 442372 bytes )
MD5 hash:  8cbe696ba8747078189104ada18c9eb3
Detection ratio:  10 / 56
First submission:  2015-01-30 20:10:10 UTC
VirusTotal link:  https://www.virustotal.com/en/file/fedda87e22b4fd705fedae38c313794593829f0deccf3d35d63e5158865726e7/analysis/
Malwr link:  https://malwr.com/analysis/MzE2ZWI1N2FmNDAyNGY3NTg4NWQ2MjIxMmI5MGUyYTQ/

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password.  If you don't know it, look at the "about" page of this website.