2015-05-05 - ANGLER EK FROM 94.242.255.53

PCAP AND MALWARE:

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

ANGLER EK:

POST-INFECTION TRAFFIC:

ADDITIONAL INFO FROM MALWARE ANALYSIS TOOLS:

PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT:

File name:  2015-05-05-Angler-EK-flash-exploit.swf
File size:  53.9 KB ( 55227 bytes )
MD5 hash:  56c207b084da0e3695eb16c89f503b84
Detection ratio:  2 / 57
First submission:  2015-05-05 16:52:41 UTC
VirusTotal link:  https://www.virustotal.com/en/file/28ea2b8a43ecc137ada871db73afd2c48ddc903eef158bc09ec477900bf27abd/analysis/

MALWARE PAYLOAD:

File name:  2015-05-05-Angler-EK-malware-payload.exe
File size:  64.0 KB ( 65536 bytes )
MD5 hash:  3d496f0793cfcb63afe20e02426fc465
Detection ratio:  3 / 57
First submission:  2015-05-05 19:02:08 UTC
VirusTotal link:  https://www.virustotal.com/en/file/17b695e9fd2f2d5ce31041aea77ab9c8bf094a3b78d3430e28b93fe5863dd5c8/analysis/
Malwr link:  https://malwr.com/analysis/NWNmNjdiOTdiZDFiNGY3ODg4ZGVjM2E1YWJlMGJjMWU/
Hybrid Analysis link:  https://www.hybrid-analysis.com/sample/17b695e9fd2f2d5ce31041aea77ab9c8bf094a3b78d3430e28b93fe5863dd5c8?environmentId=1

FINAL NOTES

Once again, here are the associated files:

The ZIP file is password-protected with the standard password.  If you don't know it, email me at admin@malware-traffic-analysis.net and ask.
