Tuesday, May 17, 2016

Mobile Malware Intercepted, Hundreds of Users Affected

We've recently intercepted yet another malicious mobile malware campaign, exposing users to a multitude of malicious software.

In this post, we'll profile the campaign, provide malicious MD5s, expose the infrastructure, and discuss in depth the tactics, techniques, and procedures of the cybercriminals behind it.

Malicious MD5 known to have been part of the campaign:
MD5: febc8518183e13114e7e4da996e64270

Once executed, a sample malware phones back to the following C&C servers:
hxxp://adultix.ru - 91.200.14.105; 185.87.51.121; 94.142.141.18
hxxp://xxxmobiletubez.com - 54.72.130.67; 89.144.14.59

Known to have responded to the same malicious C&C server IP (91.200.14.105) are also the following malicious domains:
hxxp://adultix.ru
hxxp://pixtrxxx.com
hxxp://coreectway.com
hxxp://filingun.com.ua

Known to have responded to the same malicious C&C server IP (185.87.51.121):
hxxp://adultix.ru
hxxp://updsandr.com

Related malicious MD5s known to have phoned back to the same malicious C&C server IP (185.87.51.121):
MD5: 662e459a0b3a08f5632934565e8d898e

Known to have responded to the same malicious C&C server IP (94.142.141.18) are also the following malicious domains:
hxxp://updforphone.com
hxxp://adultix.ru

Related malicious MD5s known to have phoned back to the same malicious C&C server IP (91.200.14.105):
MD5: 034f764d5d87d15680fff0256a7cf3f0
MD5: 6a5320f495250ab5e1965fcc3814ef06
MD5: 5a324d1e2dd88a57df0ae34ef1c8c687
MD5: d8f1b92d104c4e68e86f99e7f855caf8
MD5: 1b31d8db32fb7117d7cf985940a10c54

Known to have phoned back to the same malicious C&C server IP (54.72.130.67) are also the following malicious MD5s:
MD5: 007dbbed15e254cba024ea1fb553fbb2
MD5: 0b6c1377fc124cc5de66f39397d0a502
MD5: 2cfba1bce9ee1cfe1f371bcf1755840d
MD5: 26004eacdd59dcc4fd5fd82423079182
MD5: 2a1cfc13dac8cea53ce8937ee9b7a2fe

Once executed, a sample malware phones back to the following C&C server:
hxxp://toolkitgold.org (54.72.130.67)

We'll continue monitoring the campaign and post updates as soon as new developments take place.