2015-09-29 - NUCLEAR EK FROM 162.247.14.204 - KOLENKOVOLODKI.CF

PCAP AND MALWARE:


NOTES:


CHAIN OF EVENTS

ASSOCIATED DOMAINS:


INFECTION TRAFFIC:


POST-INFECTION TRAFFIC:


PRELIMINARY MALWARE ANALYSIS

MALWARE PAYLOAD 1 OF 2:

File name: 2015-09-29-Nuclear-EK-payload-1-of-2.exe
File size: 111.5 KB (114176 bytes)
MD5 hash: 7c9bc9e7a4162ee0c175ef16ffc6b7f4
SHA1 hash: 23afa1bff785e346c892a1306cb3ea17190012ca
SHA256 hash: 50b1d95d1ceaaa23055a7ca8ef2c509fdea590d55ebf24aecb99340e2146ab04
Detection ratio: 18 / 56
First submission: 2015-09-29 16:36:56 UTC
VirusTotal link: https://www.virustotal.com/en/file/50b1d95d1ceaaa23055a7ca8ef2c509fdea590d55ebf24aecb99340e2146ab04/analysis/
Malwr link: https://malwr.com/analysis/MTJiYjhlZmM0ODFiNDA0ZWFmOTZlNDU0MDhkMjE1Y2Q/
Hybrid-Analysis link: https://www.hybrid-analysis.com/sample/50b1d95d1ceaaa23055a7ca8ef2c509fdea590d55ebf24aecb99340e2146ab04?environmentId=4


MALWARE PAYLOAD 2 OF 2 (TESLACRYPT 2.0):

File name: 2015-09-29-Nuclear-EK-payload-2-of-2.exe
File size: 377.9 KB (386963 bytes)
MD5 hash: 91f696e9dea1f3ff5cacb892eb517790
SHA1 hash: eed903d8c7f669b43eecee685c0f12827a4b93f0
SHA256 hash: 4130a04843e19a995a8a3ab0b5219cf84bd6fdde3e7e816522ddf99ac3621681
Detection ratio: 7 / 55
First submission: 2015-09-29 14:15:01 UTC
VirusTotal link: https://www.virustotal.com/en/file/4130a04843e19a995a8a3ab0b5219cf84bd6fdde3e7e816522ddf99ac3621681/analysis/
Malwr link: https://malwr.com/analysis/ZmVmM2QyNDAwYmU5NDRhOTg0NTQwNDFhZjM0YjhhNjk/
Hybrid-Analysis link: https://www.hybrid-analysis.com/sample/4130a04843e19a995a8a3ab0b5219cf84bd6fdde3e7e816522ddf99ac3621681?environmentId=4


FINAL NOTES

Once again, here's the PCAP of the traffic and ZIP file of the malware:

The ZIP file is password-protected with the standard password. If you don't know it, email me at admin@malware-traffic-analysis.net and ask.