2015-07-20 - NUCLEAR EK SENDS TESLACRYPT 2.0

PCAP AND MALWARE:


NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:


NUCLEAR EK:


POST-INFECTION TRAFFIC:


SNORT EVENTS

Significant signature hits from the Emerging Threats and ETPRO rulesets using Sguil on Security Onion:


PRELIMINARY MALWARE ANALYSIS

FLASH EXPLOIT:

File name:  2015-07-20-Nuclear-EK-flash-exploit.swf
File size:  23.2 KB (23,803 bytes)
MD5 hash:  9d981efe8be1fe0a54937652cce94013
SHA256 hash:  8740775f8aea01d4e3013863ba4a8e1a553f89e71375530e7198865af2673488
Detection ratio:  1 / 55
First submission:  2015-07-20 14:48:23 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8740775f8aea01d4e3013863ba4a8e1a553f89e71375530e7198865af2673488/analysis/


MALWARE PAYLOAD:

File name:  2015-07-20-Nuclear-EK-payload-TeslaCrypt-2.0.exe
File size:  349.5 KB (357,888 bytes)
MD5 hash:  50fd967b39315d95f02127a2f05f6326
SHA256 hash:  8271d841b9971f04d6a48804d06ecd7185d71ed8546988b1697fbe01741a8572
Detection ratio:  7 / 55
First submission:  2015-07-20 14:48:42 UTC
VirusTotal link:  https://www.virustotal.com/en/file/8271d841b9971f04d6a48804d06ecd7185d71ed8546988b1697fbe01741a8572/analysis/
Hybrid-Analysis:  https://www.hybrid-analysis.com/sample/8271d841b9971f04d6a48804d06ecd7185d71ed8546988b1697fbe01741a8572?environmentId=1
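Before working with either sample, it is worth confirming that the file on disk is the one the write-up describes. The script below is an added example, not part of the original post, that hashes a file once (size, MD5 and SHA256 in a single pass) and compares the result with the values listed above. It assumes the samples were saved under the file names given in the write-up; the published values are transcribed from the two blocks above, and the "abc" input used in the self-check is constructed.

```python
"""Check a sample on disk against the hashes published in this write-up."""
import hashlib
import os
from typing import Dict, List, Optional

# Indicators transcribed from the write-up above (file name -> expected values).
PUBLISHED_SAMPLES: Dict[str, Dict[str, object]] = {
    "2015-07-20-Nuclear-EK-flash-exploit.swf": {
        "size": 23803,
        "md5": "9d981efe8be1fe0a54937652cce94013",
        "sha256": "8740775f8aea01d4e3013863ba4a8e1a553f89e71375530e7198865af2673488",
    },
    "2015-07-20-Nuclear-EK-payload-TeslaCrypt-2.0.exe": {
        "size": 357888,
        "md5": "50fd967b39315d95f02127a2f05f6326",
        "sha256": "8271d841b9971f04d6a48804d06ecd7185d71ed8546988b1697fbe01741a8572",
    },
}

CHUNK = 65536


def hash_bytes(data: bytes) -> Dict[str, object]:
    """Return size, MD5 and SHA256 of an in-memory blob, computed in one pass."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    for i in range(0, len(data), CHUNK):
        chunk = data[i:i + CHUNK]
        md5.update(chunk)
        sha256.update(chunk)
    return {"size": len(data), "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def hash_file(path: str) -> Dict[str, object]:
    """Same as hash_bytes, but streamed from disk so large samples are not read whole."""
    md5 = hashlib.md5()
    sha256 = hashlib.sha256()
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(CHUNK), b""):
            size += len(chunk)
            md5.update(chunk)
            sha256.update(chunk)
    return {"size": size, "md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def compare(observed: Dict[str, object], expected: Dict[str, object]) -> List[str]:
    """Return the fields that disagree; an empty list means the sample is verified."""
    mismatches = []
    for field in ("size", "md5", "sha256"):
        exp = expected[field]
        obs = observed[field]
        if isinstance(exp, str):  # hex digests: compare case-insensitively
            exp = exp.lower()
            obs = str(obs).lower()
        if obs != exp:
            mismatches.append(f"{field}: expected {exp}, got {obs}")
    return mismatches


def verify_sample(path: str, name: Optional[str] = None) -> List[str]:
    """Hash a file and compare it with the published entry for its file name."""
    name = name or os.path.basename(path)
    if name not in PUBLISHED_SAMPLES:
        return [f"no published hashes for {name}"]
    return compare(hash_file(path), PUBLISHED_SAMPLES[name])


if __name__ == "__main__":
    import sys
    for p in sys.argv[1:]:
        problems = verify_sample(p)
        print(p, "OK" if not problems else "; ".join(problems))
```

Run it as `python verify.py 2015-07-20-Nuclear-EK-flash-exploit.swf 2015-07-20-Nuclear-EK-payload-TeslaCrypt-2.0.exe`; any line other than `OK` means the file you have is not the one analysed here (a truncated download, a re-packed copy, or a different sample entirely), and its detection ratios and sandbox reports should not be taken as applying to it.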


FINAL NOTES

Once again, here are the associated files:
