2016-01-25 - EITEST ANGLER EK FROM 86.106.93.21

PCAP AND MALWARE:
NOTES:
TRAFFIC

ASSOCIATED DOMAINS:
COMPROMISED SITE AND REDIRECT:
ANGLER EK:
POST-INFECTION TRAFFIC:
PRELIMINARY MALWARE ANALYSIS

ANGLER EK FLASH EXPLOIT:

File name: 2016-01-25-EITest-Angler-EK-flash-exploit.swf
File size: 73.4 KB (75,195 bytes)
MD5 hash: 02c291a0cc2db1b19b82d84a02e3b765
SHA1 hash: 92d8bc6a896665855375829e057617f0bb276286
SHA256 hash: 057028e1b9bf01c6c2cf40a432b006b1a44597ea0c9ebd16b78a2ab6cdb847ad
Detection ratio: 1 / 53
First submission: 2016-01-25 23:58:59 UTC

ANGLER EK MALWARE PAYLOAD:

File name: 2016-01-25-EITest-Angler-EK-payload.exe
File size: 124.0 KB (126,976 bytes)
MD5 hash: 7fe6e9df343ed8428d68323db84d8595
SHA1 hash: d704e6fcb9bc90ea3e24df457148d661080814e4
SHA256 hash: 620c7094f2344afb1efa9c46d83f9fa3e098c6c2b6918deee09a9c671eee38a9
Detection ratio: 5 / 53
First submission: 2016-01-25 23:08:22 UTC

POST-INFECTION MALWARE - 1 OF 2:

File name: 2016-01-25-EITest-Angler-EK-post-infection-malware-1-of-2.exe
File size: 132.0 KB (135,168 bytes)
MD5 hash: 05ecfec990f9d17b770312811e1e8b54
SHA1 hash: 5d7b5bd655f1efda816b735155e5173952ebd34d
SHA256 hash: f872488c51e5b538fd25740ac9d63091ca04aa6cc2bb0702cbfc78d42de981ad
Detection ratio: 6 / 54
First submission: 2016-01-25 23:09:11 UTC

POST-INFECTION MALWARE - 2 OF 2:

File name: 2016-01-25-EITest-Angler-EK-post-infection-malware-2-of-2.exe
File size: 124.0 KB (126,976 bytes)
MD5 hash: 6a003329c214286b5a923198aaaeb066
SHA1 hash: d6ce3ecb288de8943c2b3e7d241122173767a17e
SHA256 hash: dfff036680ef5f11f7d3936a7761c6530f06058a12680cae789b4ce8ddc96500
Detection ratio: 8 / 53
First submission: 2016-01-25 23:09:26 UTC

FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.