Live Security Professional
Couple of days ago our Friends @ ThreatTrack Security mentioned that Reveton Malware Family replaced Desktop Hijacking with classic Fake AV.
As we continue to see malware hijacking Desktop this particular malware campaign brings back the memory of classic Scareware/Fake AV.
Today we stumbled upon the ExploitKit that is pushing Live Security Professional rogue application.
Screenshot of Live Security Professional application
ExploitKit Details:
Landing page:
URL: hxxp://beg.rocklandgrad.com/forum/wm/keys/board.php?connect=17
JAR Files:
MD5: e3675273325b7f7df3b13fe93cd30fac VT 1 / 45
MD5: 8a6e45d16c82c4c79cbd7730207183ca VT 4 / 45
URL: hxxp://beg.rocklandgrad.com/forum/wm/keys/WFolw
URL: hxxp://beg.rocklandgrad.com/forum/wm/keys/7T8INre2
MD5: e3675273325b7f7df3b13fe93cd30fac VT 1 / 45
MD5: 8a6e45d16c82c4c79cbd7730207183ca VT 4 / 45
URL: hxxp://beg.rocklandgrad.com/forum/wm/keys/WFolw
URL: hxxp://beg.rocklandgrad.com/forum/wm/keys/7T8INre2
Payload:
MD5: e5a2409ad36943053135ba9bd3e08ba6 VT 3 / 45
URL: Encrypted Binary
hxxp://down.jjconway.com/backend.php?nomic=638&main=7&watch=112&energy=1121&beta=400&bugs=134&linux=168&rates=371&apply=677&outdoors=1569755419
MD5: e5a2409ad36943053135ba9bd3e08ba6 VT 3 / 45
URL: Encrypted Binary
hxxp://down.jjconway.com/backend.php?nomic=638&main=7&watch=112&energy=1121&beta=400&bugs=134&linux=168&rates=371&apply=677&outdoors=1569755419
Bharath M N