2015-05-14 - NUCLEAR EK FROM 109.234.37.12 - SENDS NECURS

ASSOCIATED FILES:

 

 

CHAIN OF EVENTS

ASSOCIATED DOMAINS:

 

REDIRECT/GATE:

 

NUCLEAR EK:

 

POST-INFECTION HTTP TRAFFIC:

 

POST-INFECTION DNS QUERIES:

 

POST-INFECTION UDP TRAFFIC:

 

PRELIMINARY MALWARE ANALYSIS

MALWARE PAYLOAD:

File name:  2015-05-14-Nuclear-EK-malware-payload.exe
File size:  112.5 KB (115200 bytes)
MD5 hash:  0db7cbfc1220b22b47eddd945f99940c
Detection ratio:  10 / 57
First submission:  2015-05-14 21:27:25 UTC
VirusTotal link:  https://www.virustotal.com/en/file/a7abab4599816f23a158bd7eae5edaaecfa73820591d34c5a43a5db388c2295b/analysis/
Malwr link:  https://malwr.com/analysis/MDY1ZWQ0MzIxYmNlNGY3ZjhkOGFjNGQyODQ0NDZiMjg/
Hybrid-Analysis link:  https://www.hybrid-analysis.com/sample/a7abab4599816f23a158bd7eae5edaaecfa73820591d34c5a43a5db388c2295b?environmentId=1

 

FINAL NOTES

Once again, here are the associated files:
