Personal blog of Alex Muratov

RedKit Java exploit – under the hood

Posted on July 2, 2013 | in Malware | by

Here are some technical details about the RedKit Java exploit.
I will use a real sample of captured network traffic. The analysis was done with the following tools: CuckooBox 0.6, Java Decompiler GUI and Wireshark.

Don't follow any of the URLs in this post! They may still serve the malware.

OK, now step 1: the victim visits an infected web page at simtek.cc.free.fr

The browser loads a pretty simple web page with a Flash video to keep the victim entertained while the malware is loading.

Here is the network capture:

[screenshot launchpad-1: network capture of the landing page]

At first glance nothing looks wrong, but the page contains an injected iframe that redirects the browser to another host, qiqojahe.ru:

[screenshot launchpad-2: the injected iframe in the captured HTML]
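The injection described above (a hidden iframe pointing the browser at a second host) is the classic drive-by pattern, and it is easy to pick out of a captured page automatically. The script below is an added example, not code from the original post: it parses a captured HTML document, collects every iframe, and flags those that are either hidden (display:none, visibility:hidden, 0/1 pixel, or positioned off-screen) or whose src host differs from the host the page was served from. The sample HTML is constructed for this example; only the two hostnames come from the post, the markup and the Flash object are invented.

```python
"""Flag hidden or cross-host iframes in a captured HTML page.

Added example (not part of the original post). Feed it the HTML body
pulled out of the Wireshark capture (Follow TCP Stream -> save) and the
host the page was requested from.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: harmless-looking Flash video plus one injected
# 1x1 hidden iframe that sends the browser to the second host.
SAMPLE_HTML = """<html><body>
<object data="video.swf" type="application/x-shockwave-flash"
        width="640" height="480"></object>
<p>Please wait, loading video...</p>
<iframe src="http://qiqojahe.ru/" width="1" height="1"
        style="visibility:hidden"></iframe>
</body></html>"""


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _dimension(attrs, name):
    """Return width/height in px from the attribute or inline style, else None."""
    raw = attrs.get(name, "")
    m = re.match(r"\s*(\d+)", raw)
    if m:
        return int(m.group(1))
    m = re.search(name + r"\s*:\s*(\d+)", attrs.get("style", ""), re.I)
    return int(m.group(1)) if m else None


def is_hidden(attrs):
    """True if the iframe would be invisible to the user."""
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        return True
    w, h = _dimension(attrs, "width"), _dimension(attrs, "height")
    if w is not None and h is not None and w <= 1 and h <= 1:
        return True
    # Pushed off-screen with negative absolute coordinates.
    if "position:absolute" in style and ("left:-" in style or "top:-" in style):
        return True
    return False


def is_cross_host(page_host, src):
    """True if the iframe loads content from a host other than the page's."""
    host = urlparse(src).hostname
    return bool(host) and host.lower() != page_host.lower()


def find_suspicious_iframes(html, page_host):
    """Return one finding per iframe that is hidden and/or points off-host."""
    parser = IframeCollector()
    parser.feed(html)
    findings = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        hidden, cross = is_hidden(attrs), is_cross_host(page_host, src)
        if hidden or cross:
            findings.append({
                "src": src,
                "redirect_host": urlparse(src).hostname,
                "hidden": hidden,
                "cross_host": cross,
            })
    return findings


if __name__ == "__main__":
    for f in find_suspicious_iframes(SAMPLE_HTML, "simtek.cc.free.fr"):
        print("suspicious iframe -> %(redirect_host)s "
              "(hidden=%(hidden)s, cross_host=%(cross_host)s)" % f)
```

A legitimate page can contain cross-host iframes (ad networks, embedded players), so treat the cross-host flag alone as a lead; an iframe that is both hidden and cross-host is what you want to chase to the next hop in the capture.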
