Hi folks,
the following information is based on an online article which describes a spear-phishing attack on the Pentagon: http://www.thedailybeast.com/articles/2 ... tagon.html
As you can see, the article is quite entertaining. So, if we believe the provided information, the website of the National Endowment for Democracy (ned.org) was compromised to host a malicious file, and the spear-phishing mails contained a link to this file. Indeed, it turned out that a malicious ZIP file was uploaded to ned.org: "www.ned.org/docs/The New Containment Underminig Democracy.ZIP" (now removed)
ZIP: https://www.virustotal.com/en/file/9f46 ... /analysis/
The ZIP file contains a self-extracting executable named "The New Containment Underminig Democracy.exe".
SFX EXE: https://www.virustotal.com/en/file/7b3e ... /analysis/
The self-extracting executable contains an executable named "readerView.exe" and a decoy document named "382212.pdf".
EXE: https://www.virustotal.com/en/file/ee5e ... /analysis/
The executable is a downloader that requests the real payload, which is unfortunately missing. It tries to download the following SWF file: "http://connectads.com/events/power/2/loading.swf" (now removed)
The full analysis of MiniDionis can be found here: http://researchcenter.paloaltonetworks. ... o-seaduke/
All mentioned files + more MiniDionis samples are attached.
That's all
Attachments (PW: infected)
(1.76 MiB)
(1.86 MiB)
Malware Reversing
http://www.malware-reversing.com
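The chain described in the post (ZIP, SFX EXE, dropped EXE plus decoy PDF, then a URL the downloader fetches) is the kind of thing that is quicker to triage with a script than by hand. The following is an added example, not part of the original post and not the poster's tooling: it walks nested ZIP/SFX layers by magic bytes rather than file names, hashes every layer so each can be looked up on VirusTotal, and pulls URL strings out of anything that is a PE. The sample it builds is constructed in memory to mirror the file names above; the download URL inside it is a placeholder (example.invalid), not the real connectads.com one, and the 50 MiB member cap is an assumed safety limit against zip bombs.

```python
import hashlib
import io
import re
import zipfile

# Printable-ASCII URL strings, the way `strings | grep http` would find them.
URL_RE = re.compile(rb"https?://[\x21-\x7e]{4,}")
MAX_MEMBER = 50 * 1024 * 1024  # assumed cap: refuse to inflate anything bigger
MAX_DEPTH = 5                  # assumed cap on nesting (archive in archive in ...)


def classify(data):
    """Type a blob by magic bytes, never by its file name or extension."""
    if data[:2] == b"MZ":
        return "pe"
    if data[:4] == b"%PDF":
        return "pdf"
    if data[:4] == b"PK\x03\x04":
        return "zip"
    return "other"


def open_zip(data):
    """Open ZIP data, including ZIP data appended to a PE stub (the SFX layout).
    zipfile locates the central directory from the END of the buffer and
    corrects member offsets, so stub bytes in front do not matter."""
    try:
        return zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return None


def triage(data, path, depth=0, findings=None):
    """Recursively unpack an archive chain, hashing every layer and
    collecting URL strings from every PE. Returns a list of dicts."""
    if findings is None:
        findings = []
    kind = classify(data)
    record = {"path": path, "kind": kind,
              "sha256": hashlib.sha256(data).hexdigest(), "urls": []}
    if kind == "pe":
        record["urls"] = [u.decode("ascii") for u in URL_RE.findall(data)]
    findings.append(record)
    if depth >= MAX_DEPTH:
        return findings
    zf = open_zip(data) if kind in ("zip", "pe") else None
    if zf is None:
        return findings
    if kind == "pe":
        record["kind"] = "pe-sfx"  # a PE with a valid ZIP archive appended to it
    with zf:
        for info in zf.infolist():
            if info.is_dir() or info.file_size > MAX_MEMBER:
                continue
            triage(zf.read(info), f"{path}/{info.filename}", depth + 1, findings)
    return findings


def build_sample():
    """Constructed stand-in for the chain in the post: outer ZIP -> SFX EXE
    -> readerView.exe (downloader) + 382212.pdf (decoy). No real malware
    bytes; the URL is a placeholder, not the real download location."""
    def make_zip(entries):
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
            for name, content in entries.items():
                zf.writestr(name, content)
        return buf.getvalue()

    downloader = (b"MZ" + b"\x00" * 62
                  + b"This program cannot be run in DOS mode.\r\n" + b"\x00" * 32
                  + b"http://example.invalid/events/power/2/loading.swf\x00")
    decoy = b"%PDF-1.4\n% constructed decoy document\n%%EOF\n"
    inner = make_zip({"readerView.exe": downloader, "382212.pdf": decoy})
    sfx = b"MZ" + b"\x00" * 126 + b"[constructed SFX stub]" + inner
    return make_zip({"The New Containment Underminig Democracy.exe": sfx})


if __name__ == "__main__":
    for f in triage(build_sample(), "sample.zip"):
        print(f"{f['kind']:7} {f['sha256'][:16]}  {f['path']}")
        for url in f["urls"]:
            print(f"        -> {url}")
```

Point it at a real sample by replacing build_sample() with the bytes of the downloaded ZIP; the SHA-256 of each layer is what you paste into VirusTotal, and the URL list is the first place to look for the next-stage server. The magic-byte check matters here because the SFX carries a .exe name but is really an archive, and a decoy with a convincing name is still just a PDF.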