2015-05-24 - NEUTRINO EK FROM 193.242.211[.]149
NOTICE:
- The zip archives on this page have been updated, and they now use the new password scheme. For the new password, see the "about" page of this website.
ASSOCIATED FILES:
CHAIN OF EVENTS
ASSOCIATED DOMAINS:
- 50.62.168[.]3 port 80 - books.eaiesb[.]org - Redirect (gate)
- 193.242.211[.]149 port 23513 - rmuxvayun.pkrgzrpdebksbl[.]gq:23513 - Neutrino EK
- 193.242.211[.]149 port 13249 - soeon.pkrgzrpdebksbl[.]gq:13249 - Neutrino EK
DATE/TIME OF THE ACTIVITY:
- Friday 2015-04-24 at 15:35 UTC
TRAFFIC:
- books.eaiesb[.]org - GET /v7ncwkdx.php?id=137838
- rmuxvayun.pkrgzrpdebksbl[.]gq:23513 - GET /eater.htm?little=15162&extent=kiss&switch=19450
- rmuxvayun.pkrgzrpdebksbl[.]gq:23513 - GET /tool.phtml?obey=tremble&brandy=61722&kindle=2690&launch=16659
- soeon.pkrgzrpdebksbl[.]gq:13249 - GET /flap/97062/seldom/59331/decision/undoubted/boat/58777/sideway/42673/case/12909/bare/6374/
- soeon.pkrgzrpdebksbl[.]gq:13249 - GET /split.aspx?quiet=state&either=61298&route=front&beast=18963&emerge=36201&warmth=92636&wail=3860&sleep=29456
- soeon.pkrgzrpdebksbl[.]gq:13249 - GET /dormitory/monkey/loose/forth/upper/83734/candle/16584/round/24347/find/2805/short/99447/harm/2461/expensive/52099/
- soeon.pkrgzrpdebksbl[.]gq:13249 - GET /patch/sacrifice/play/attitude/christmas/radio/second/75392/risk/92839/with/39798/anymore/33018/
- soeon.pkrgzrpdebksbl[.]gq:13249 - GET /control/74279/tidings/42922/even/52095/distract/already/cheerful/77883/poke/brief/handle/57755/
MALWARE
FLASH EXPLOIT:
File name: 2015-04-24-Neutrino-EK-flash-exploit.swf
File size: 41,703 bytes
MD5 hash: 299fbdcc18026be07fa1dcdfa4b195ca
Detection ratio: 1 / 57
First submission to VirusTotal: 2015-04-24 16:09:57 UTC
MALWARE PAYLOAD:
File name: 2015-04-24-Neutrino-EK-malware-payload.exe
File size: 343,552 bytes
MD5 hash: 174a16e10cfb51b0ea10c4e4a1f5d3b4
Detection ratio: 35 / 57
First submission to VirusTotal: 2015-04-16 16:19:52 UTC
