2017-06-19 - RIG EK FROM THE HOOKADS CAMPAIGN SENDS DREAMBOT

ASSOCIATED FILES:

  • 2017-06-19-HookAds-Rig-EK-sends-Dreambot.pcap   (2,839,777 bytes)
  • 2017-06-19-HookAds-Rig-EK-payload-Dreambot-2nxu57tc.exe   (350,208 bytes)
  • 2017-06-19-Rig-EK-artifact-o32.tmp.txt   (1,141 bytes)
  • 2017-06-19-Rig-EK-flash-exploit.swf   (16,296 bytes)
  • 2017-06-19-Rig-EK-landing-page.txt   (60,928 bytes)
  • 2017-06-19-original-site-popunder.php.txt   (603 bytes)
  • 2017-06-19-sungary.info-uaps.txt   (5,736 bytes)
BACKGROUND ON THE HOOKADS CAMPAIGN:
TRAFFIC
Shown above: Traffic from the infection filtered in Wireshark.
ASSOCIATED DOMAINS:
FILE HASHES

FLASH EXPLOIT:

MALWARE RETRIEVED FROM THE INFECTED HOST:
FINAL NOTES

Once again, here are the associated files:

ZIP files are password-protected with the standard password. If you don't know it, look at the "about" page of this website.