Here are the files that were executed to generate the traffic and pcap in the previous post:
Eorezo – sunnyday.exe
https://malwr.com/analysis/YzcxYTM0MzYxNGUyNDBjZjkyZjdlYzAyNzdkMTg5OWU/
https://virustotal.com/en/file/d1ae1454cca36dce4a687846ec394c542b13e829755c40653fbd495d95b02197/analysis/1472172878/
Farfli – netstream.exe
https://virustotal.com/en/file/969063116b1c717cd07015e04ecd6c2a6ad883da7dbcd2a4cd157100fa9c7b50/analysis/1472173093/
Citadel
https://virustotal.com/en/file/0765a0d3e6349761704d837f0d0a873a50a7e91a6efda972d1e82cf18df0ecbd/analysis/1472173251/
SHA256: 0765a0d3e6349761704d837f0d0a873a50a7e91a6efda972d1e82cf18df0ecbd
File name: PROTESTO.exe
Detection ratio: 40 / 54
Analysis date: 2016-08-26 01:00:51 UTC
Banking Trojan CRDF.Trojan.Trojan-Spy.Banker.Citadel109468358
SHA256: 3903a5ba4a893621c272bde6bfc9407b8f4595e8965b907e22fe4a1ac9f7b535
File name: us.exe
Detection ratio: 47 / 56
Analysis date: 2016-08-26 01:03:48 UTC
ZBOT / Banking Trojan
SHA256: a32468ee49dad05def0fabc79b44b053490d8ff663ee95007d61bb47a7024bc7
File name: inst1.exe
Detection ratio: 38 / 53
Papras / Password Stealer / Banking Trojan
SHA256: ded40777eac5bfbb4c7a18108fee9023479ad94ebbe301dfaf31805d7612e8ae
File name: inst3.exe
Detection ratio: 39 / 55
Analysis date: 2016-08-26 01:08:30 UTC
https://www.sophos.com/en-us/threat-center/threat-analyses/adware-and-puas/Eorezo/detailed-analysis.aspx
This post first appeared on Computer Security.org - CyberSecurity News, Inform