Neutrino Exploits flash 21,0,0,213 sending DMA Locker 4.0 Ransomware

by Analysis in EITEST

ASSOCIATED DOMAINS:

  • 85.93.0.81 – ctchris.tk – EITEST GATE
  • 81.2.240.180 – xoytcce.vublacku.top – Neutrino EK LANDING PAGE
  • 80.87.205.115 – GET /2/x64.exe – DMA LOCKER DOWNLOAD
  • 80.87.205.115 – GET /2/bbv.exe – DMA LOCKER DOWNLOAD
  • 5.8.63.54 – GET /crypto/gate?action=0 – DMA LOCKER C2

 

IMAGES and DETAILS:

Shown above: EITEST Gate, Neutrino landing page, DMA Locker download and check-in

 

Shown above: Making it harder to classify Exploit Kit

 

Shown above: Neutrino exploiting flash version 21,0,0,213

 

Shown above: DMA Locker 4.0 ransom note

 

MALICIOUS PAYLOAD DELIVERED BY NEUTRINO EXPLOIT KIT:

 

 

 

Tagged with: ,