2019-01-29 - Fallout EK (HTTPS) sends SmokeLoader -> AZORult

Posted by malware_traffic on Jan 29th, 2019 (edited)
TWEET WITH SOME IMAGES:

- https://twitter.com/malware_traffic/status/1090366374772383745

FALLOUT EXPLOIT KIT:

- Date/Time: 2019-01-29 at 20:35 UTC
- Domain: get-my-wear[.]website
- IP address: 193.29.56[.]90
- TCP port: 443 (HTTPS traffic)

FALLOUT EK LANDING PAGE:

- https://pastebin.com/tbHkCp6R

FALLOUT EK POSSIBLE EXPLOIT:

- https://pastebin.com/EuzzzFTP

ASSOCIATED MALWARE:

- SHA256 hash: 6bbd8623084a901fd5edf0943e1eb804e02af1d1dca26dfa441b5f90ec838cbc
- File size: 143,872 bytes
- File description: Fallout EK payload - SmokeLoader
- Any.run analysis: https://app.any.run/tasks/f5ed371d-57d1-4183-ac74-b813c6375125
- CAPE sandbox: https://cape.contextis.com/analysis/33535/
- Reverse.it: https://www.reverse.it/sample/6bbd8623084a901fd5edf0943e1eb804e02af1d1dca26dfa441b5f90ec838cbc

- SHA256 hash: a12e42af00fdba95ac3b50a0328b0f53881db785fb50f5fa0c819af500116489
- File size: 182,784 bytes
- File description: AZORult
- Any.run analysis: https://app.any.run/tasks/8bea6fec-bb52-4ba3-8d7e-d53bf3aa1b95
- CAPE sandbox: https://cape.contextis.com/analysis/33538/
- Reverse.it: https://www.reverse.it/sample/a12e42af00fdba95ac3b50a0328b0f53881db785fb50f5fa0c819af500116489