=========================================
#MalwareMustDie
Latest Cridex/Fareit Infection via BHEK
(Credential Stealer Crime Evidence)
BHEK Domain / host used: eziponoma.ru:8080
@unixfreaxjp /malware]$ date
Sat Jan 26 19:56:20 JST 2013
=========================================
// infector
h00p://www.tounichi-g.co.jp/info.htm (redirector)
h00p://eziponoma.ru:8080/forum/links/column.php (landing page)
// swf
h00p://eziponoma.ru:8080/forum/links/column.php?uvdexgag=30:1n:1i:1i:33&wyxtg=3m:34:33:3k:3d&plxyuc=2v:1k:1m:32:33:1k:1k:31:1j:1o&zgcoapeq=dsl
h00p://eziponoma.ru:8080/forum/links/column.php?uhe=30:1n:1i:1i:33&gwapy=3c:3k:38:3e&arp=2v:1k:1m:32:33:1k:1k:31:1j:1o&kwo=lxmxja
// pdf
h00p://eziponoma.ru:8080/forum/links/column.php?dalzfmq=30:1n:1i:1i:33&msrsrdpm=3f:39:32&jddzbak=2v:1k:1m:32:33:1k:1k:31:1j:1o&sqlxaoig=1k:1d:1f:1d:1g:1d:1f
h00p://eziponoma.ru:8080/forum/links/column.php?qaxcdv=30:1n:1i:1i:33&opynqk=39&tviura=2v:1k:1m:32:33:1k:1k:31:1j:1o&mddqxkqz=1k:1d:1f:1d:1g:1d:1f
// payload
h00p://eziponoma.ru:8080/forum/links/column.php?nf=30:1n:1i:1i:33&ye=2v:1k:1m:32:33:1k:1k:31:1j:1o&z=1k&sg=n&sc=c
// samples (with MD5 + UrlQuery report URL)
2013/01/26 18:11 d0fe2ce87f933ff73f5ce0c0efadd462 422 info.htm http://urlquery.net/report.php?id=850246
2013/01/26 18:21 f1b7f17e653cdedbfc78d3e9fa2bef4d 117,752 column.php http://urlquery.net/report.php?id=842744
2013/01/26 19:15 d60be18003ae07ea165d193db087957b 7,238 flash1.swf http://urlquery.net/report.php?id=850229
2013/01/26 19:16 a5a1308ee3ca7f75fe85fe4d9a14752f 946 flash2.swf http://urlquery.net/report.php?id=850230
2013/01/26 19:17 361f6e22e55ca3732d8cbeff43ecb1d4 21,599 infector1.pdf http://urlquery.net/report.php?id=850240
2013/01/26 19:17 ef4c398c0138c3e8adabcdb647b2283b 11,183 infector2.pdf http://urlquery.net/report.php?id=850236
2013/01/26 18:23 95c06ae7b26fcbe338532bbaa1e137c4 15,420 java1.jar http://urlquery.net/report.php?id=842744
2013/01/26 18:24 5599f12b1c2ce9c68dc629d013241273 15,592 java2.jar http://urlquery.net/report.php?id=842744
2013/01/26 18:42 9fb4dd1b3e0b6002eff7e6f63a6b6d07 98,304 about.exe http://urlquery.net/report.php?id=850234
2013/01/26 20:39 b152dacee9c5ca22543fe9e435177496 110,592 KB00777165.exe -
// additional: plugindetect
2013/01/26 19:12 47a1882f9677bb24f51405d71c6c7536 56,904 BHEK-PD079.txt
// VirusTotal: (as per above sample sequence)
https://www.virustotal.com/file/1da4c5bf69ae062b525c25538401b9fc6752b0780f4e9494431140350fc74ac9/analysis/1359196122/
https://www.virustotal.com/file/59ab9f3e6a2cf40f8ce5ff37d5afdc36e68bd9c59facf72b3537adeb178fd105/analysis/1359196138/
https://www.virustotal.com/file/f41f8102bb2d7b0e7bf97f61332e768d63fb5ccfa35693b5857c23b9e58e9622/analysis/1359196175/
https://www.virustotal.com/file/3beb8ae0ce0ba1c7a8235d93aefcadded2ab7917414b70ce424836ad0ca4a721/analysis/1359196214/
https://www.virustotal.com/file/66fb2a78aaef9b11d1e0adfaa49a81f380248230add1663cb7a75bd263b854e4/analysis/1359196230/
https://www.virustotal.com/file/1fa06ce003b01fbc41b9e959f1d478f3ba56fe367f498921a757255627c67bb0/analysis/1359196247/
https://www.virustotal.com/file/7ef8f67e7e4b39086387570b7fd8de505684b87318e9acccef34e20e0a8122b4/analysis/1359196264/
https://www.virustotal.com/file/63106ebc5076fe6e1c8195a4e5f0dfb35668c0b0334e9e7fa840f4a28ce4830c/analysis/1359196283/
https://www.virustotal.com/file/4ac71ec87577944cfb098b379bd55e9ddc8234cd791d994f621b892d969c699f/analysis/1359193394/
https://www.virustotal.com/file/6a18c125b64f20432f8bb63ab92afcbaf9bc234968c8e8c2b472832877ee35a7/analysis/1359275410/
----
#MalwareMustDie!
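As an added example (not part of the original paste, and not MalwareMustDie's own tooling), the script below turns an IOC block in the format above into structured data and sweeps proxy-log lines with it. IOC_TEXT is an excerpt copied from the paste; LOG_LINES are constructed for the demo. The colon-token query heuristic is an assumption drawn from the listed column.php requests, which repeat values such as 30:1n:1i:1i:33 and 2v:1k:1m:32:33:1k:1k:31:1j:1o under different parameter names, so the value shape is a more stable signature than the parameter names or the host.

```python
"""Parse a MalwareMustDie-style IOC paste and sweep proxy logs with it.

Added example, not part of the original paste. IOC_TEXT is an excerpt of the
paste; LOG_LINES are constructed; the query-shape heuristic is an assumption
drawn from the column.php URLs listed on the page.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Excerpt copied from the paste above (defanged "h00p" URLs + sample rows).
IOC_TEXT = """\
// infector
h00p://www.tounichi-g.co.jp/info.htm (redirector)
h00p://eziponoma.ru:8080/forum/links/column.php (landing page)
// swf
h00p://eziponoma.ru:8080/forum/links/column.php?uvdexgag=30:1n:1i:1i:33&wyxtg=3m:34:33:3k:3d&plxyuc=2v:1k:1m:32:33:1k:1k:31:1j:1o&zgcoapeq=dsl
// payload
h00p://eziponoma.ru:8080/forum/links/column.php?nf=30:1n:1i:1i:33&ye=2v:1k:1m:32:33:1k:1k:31:1j:1o&z=1k&sg=n&sc=c
// samples (with MD5 + UrlQuery report URL)
2013/01/26 18:42 9fb4dd1b3e0b6002eff7e6f63a6b6d07 98,304 about.exe http://urlquery.net/report.php?id=850234
2013/01/26 20:39 b152dacee9c5ca22543fe9e435177496 110,592 KB00777165.exe -
"""

# Constructed proxy log lines: "<epoch> <client> <method> <url> <status>".
LOG_LINES = [
    "1359197000.123 10.0.0.5 GET http://www.tounichi-g.co.jp/info.htm 200",
    "1359197001.456 10.0.0.5 GET http://eziponoma.ru:8080/forum/links/column.php 200",
    "1359197002.789 10.0.0.5 GET http://eziponoma.ru:8080/forum/links/column.php?nf=30:1n:1i:1i:33&ye=2v:1k:1m:32:33:1k:1k:31:1j:1o&z=1k&sg=n&sc=c 200",
    "1359197003.000 10.0.0.7 GET http://example.com/index.php?id=5 200",
    "1359197004.000 10.0.0.9 GET http://other-host.example/forum/x.php?ab=30:1n:1i:1i:33&cd=3f:39:32 200",
]

DEFANGED_URL = re.compile(r"h00p://\S+")
# "<date> <time> <md5> <size> <name> [<report-url or ->]"
SAMPLE_ROW = re.compile(
    r"^(\d{4}/\d{2}/\d{2} \d{2}:\d{2}) ([0-9a-f]{32}) ([\d,]+) (\S+)(?: (\S+))?$"
)
# Assumed signature: short base-36 tokens joined by colons (e.g. 30:1n:1i:1i:33).
COLON_TOKEN_VALUE = re.compile(r"^[0-9a-z]{1,2}(?::[0-9a-z]{1,2}){2,}$")


def refang(url):
    """Turn the paste's defanged h00p:// scheme back into http://."""
    return url.replace("h00p://", "http://", 1)


def parse_iocs(text):
    """Return refanged URLs, the set of hostnames, and the sample rows."""
    urls, samples = [], []
    for line in text.splitlines():
        line = line.strip()
        m = DEFANGED_URL.match(line)
        if m:
            urls.append(refang(m.group(0)))
            continue
        m = SAMPLE_ROW.match(line)
        if m:
            seen, md5, size, name, report = m.groups()
            samples.append({
                "seen": seen, "md5": md5, "size": int(size.replace(",", "")),
                "name": name, "report": None if report in (None, "-") else report,
            })
    hosts = {urlsplit(u).hostname for u in urls}
    return {"urls": urls, "hosts": hosts, "samples": samples}


def looks_like_bhek_query(url, min_params=2):
    """Heuristic: a .php path whose query carries >= min_params colon-token values."""
    parts = urlsplit(url)
    if not parts.path.endswith(".php"):
        return False
    hits = sum(1 for _, v in parse_qsl(parts.query, keep_blank_values=True)
               if COLON_TOKEN_VALUE.match(v))
    return hits >= min_params


def scan_proxy_log(lines, iocs):
    """Return (line_no, url, reasons) for every line that hits a host or the query shape."""
    findings = []
    for no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 4:
            continue
        url = fields[3]
        reasons = []
        if urlsplit(url).hostname in iocs["hosts"]:
            reasons.append("known-bad host")
        if looks_like_bhek_query(url):
            reasons.append("BHEK-style query")
        if reasons:
            findings.append((no, url, reasons))
    return findings


def match_hash(md5, iocs):
    """Look a (case-insensitive) MD5 up in the sample table; None if unknown."""
    md5 = md5.lower()
    return next((s for s in iocs["samples"] if s["md5"] == md5), None)


if __name__ == "__main__":
    iocs = parse_iocs(IOC_TEXT)
    for no, url, why in scan_proxy_log(LOG_LINES, iocs):
        print(f"line {no}: {', '.join(why)}: {url}")
```

Host matching is the dependable part; the query-shape rule exists to catch the same kit on a host not yet on the list (the fifth constructed log line), and its thresholds would need tuning against real traffic before it is used for alerting.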