2015-10-13 - NEUTRINO EK FROM 81.2.241.147

ASSOCIATED FILES:


CHAIN OF EVENTS


Shown above: HTTP requests from the first run.



Shown above: HTTP requests from the second run.



Shown above: UDP traffic from the second run (also shows some of the DGA domains requested).



Shown above: TCP connections from the infected host during the second run.


ASSOCIATED DOMAINS:


PRELIMINARY MALWARE ANALYSIS

NEUTRINO EK FLASH EXPLOIT:


MALWARE RETRIEVED FROM THE INFECTED HOST:


REGISTRY KEYS ASSOCIATED WITH THIS INFECTION:


VALUES FOR ALL THE ABOVE REGISTRY KEYS:


FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.
