Malware-Traffic-Analysis.net - 2018-03-15 - Quick post: Rig EK sends GandCrab ransomware

2018-03-15 - QUICK POST: RIG EK SENDS GANDCRAB RANSOMWARE

ASSOCIATED FILES:

Zip archive of the traffic: 2018-03-15-Rig-EK-traffic.pcap.zip 271 kB (270,753 bytes)

2018-03-15-Rig-EK-traffic.pcap (279,647 bytes)

Zip archive of the associated malware and artifacts: 2018-03-15-Rig-EK-malware-and-artifacts.zip 226 kB (226,065 bytes)

2018-03-15-Rig-EK-artifacts-u32.tmp.txt (1,141 bytes)

2018-03-15-Rig-EK-flash-exploit.swf (15,951 bytes)

2018-03-15-Rig-EK-landing-page.txt (95,708 bytes)

2018-03-15-Rig-EK-payload-GandCrab-ransomware.exe (217,608 bytes)

NOTES:

This example only contains the Rig EK traffic (no pre- or post-infection activity).
Not sure which campaign this is from.
Unfortunately, I cannot share the traffic leading up to this example.
It didn't look like any of the usual campaigns I've run across before, so I doubt it's from the Fobos, HookAds, or Seamless campaigns.

Zip archives are password-protected with the standard password. If you don't know it, look at the "about" page of this website.

Click here to return to the main page.