We are investigating a report from one of our colleagues that one website dropped malicious exe files through some Java exploit, possibly an already known one. Of course, this is not “that” important, but keep in touch on this:
Hashes
4307f1bf8d41604875d8b21c878659c0 *01388ca50e45.exe
100ad7ab0fff23a0938d5b19ede20362 *01388ca69ef2.exe
eb710f5b0022d35a2cbf0c539528cbb3 *jar_cache875449263521178018.tmp
eb710f5b0022d35a2cbf0c539528cbb3 *jar_cache9086383559255725283.tmp

Inside the jar
f13441dbe92c099f1589e79a8b25f2ef *lei.class
ebe346ef2e2c27c73cd5d76f68e682e6 *pas.class
b9c9522a5ba97f1aec7e0189c6b2ef71 *sax.class
d6d35282a88af5be723137f564e9cb92 *tee.class

Thanks for the info, K.T. (Cuby).
b.

 
