
Exploit:JS/Meadgive


First posted on 15 February 2019.
Source: Microsoft

Aliases:

There are no other names known for Exploit:JS/Meadgive.

Explanation:

Exploit:JS/Meadgive is an obfuscated JavaScript embedded in an HTML page.

When it loads in a browser, it displays a message that the page is still loading; however, in the background, it tries to exploit the following vulnerabilities:

CVE-2015-0311 (Adobe Flash Player through 13.0.0.262 and 14.x, 15.x and 16.x through 16.0.0.287 on Windows and Mac OS X, and through 11.2.202.438 on Linux)
CVE-2012-1723 (Oracle Java SE 7 update 4 and earlier, 6 update 32 and earlier, 5 update 35 and earlier, and 1.4.2_37 and earlier)
CVE-2013-1493 (Oracle Java SE 7 Update 15 and earlier, 6 Update 41 and earlier, and 5.0 Update 40 and earlier)
CVE-2013-2423 (Oracle Java SE 7 Update 17 and earlier, and OpenJDK 7)
CVE-2013-0074 (Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0)
CVE-2013-3896 (Microsoft Silverlight 5 before 5.1.20913.0)
CVE-2013-2551 (Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10)
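As an added example that is not part of the Microsoft entry, the following Python script encodes the affected version ranges quoted above and reports which of the CVEs this exploit kit targets a given Flash, Java, Silverlight or Internet Explorer build is still exposed to, which is the check a defender would run against a plugin inventory. The product keys and the "7u17"-style Java version format are this example's own conventions (a Java build written as 1.7.0_17 is not recognised), and the inventory at the bottom is constructed.

```python
import re

def parse_version(text):
    """'16.0.0.287' -> (16,0,0,287); '7u17' or '7 update 17' -> (7,17); '1.4.2_37' -> (1,4,2,37)."""
    return tuple(int(n) for n in re.findall(r"\d+", text))

# Affected ranges transcribed from this entry's version text: (product, CVE, lowest
# affected, bound kind, upper version). "through" is inclusive, "before" exclusive.
AFFECTED = [
    ("flash-win-mac", "CVE-2015-0311", (0,),  "through", (13, 0, 0, 262)),
    ("flash-win-mac", "CVE-2015-0311", (14,), "through", (16, 0, 0, 287)),
    ("flash-linux",   "CVE-2015-0311", (0,),  "through", (11, 2, 202, 438)),
    ("java", "CVE-2012-1723", (7,), "through", (7, 4)),
    ("java", "CVE-2012-1723", (6,), "through", (6, 32)),
    ("java", "CVE-2012-1723", (5,), "through", (5, 35)),
    ("java", "CVE-2012-1723", (1, 4, 2), "through", (1, 4, 2, 37)),
    ("java", "CVE-2013-1493", (7,), "through", (7, 15)),
    ("java", "CVE-2013-1493", (6,), "through", (6, 41)),
    ("java", "CVE-2013-1493", (5,), "through", (5, 40)),
    ("java", "CVE-2013-2423", (7,), "through", (7, 17)),
    ("silverlight", "CVE-2013-0074", (5,), "before", (5, 1, 20125, 0)),
    ("silverlight", "CVE-2013-3896", (5,), "before", (5, 1, 20913, 0)),
    ("ie", "CVE-2013-2551", (6,), "through", (10,)),
]

def in_range(v, low, bound, high):
    """Is v in [low, high] ("through") or [low, high) ("before")? For "through" only
    len(high) components are compared, so (10, 0, 9200) still counts as "through 10"."""
    def pad(t, n):
        return t + (0,) * (n - len(t))
    n = max(len(v), len(low), len(high))
    if pad(low, n) > pad(v, n):
        return False
    return v[:len(high)] <= high if bound == "through" else pad(v, n) < pad(high, n)

def exposed_cves(product, version):
    """Sorted Meadgive-targeted CVE ids the build is still exposed to ([] = past every listed range)."""
    v = parse_version(version)
    return sorted({cve for p, cve, low, bound, high in AFFECTED
                   if p == product and in_range(v, low, bound, high)})

if __name__ == "__main__":
    # Constructed sample inventory (not from the entry) to audit.
    for p, ver in [("flash-win-mac", "16.0.0.296"), ("java", "7u15"),
                   ("silverlight", "5.1.20125.0"), ("ie", "10.0.9200.16384")]:
        print(p, ver, "->", ", ".join(exposed_cves(p, ver)) or "outside every listed range")
```

A build whose version string is shorter than the listed bound (for example just "16") is treated as exposed, which is the conservative reading for an audit.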

If it successfully exploits any of these vulnerabilities, it runs code that drops and runs its VBScript component. This script, detected as TrojanDownloader:VBS/Meadgive.A, downloads and runs other malware from certain servers. Some of these servers might be malicious, while others might be legitimate servers that have been hacked to host malware. Examples of the servers it connects to in order to download other malware are:

arganicaoil.com
mountainmods.com
nazdrowieusmiech.pl
soylu.net
sd2575.sivit.org
yourmed.pl

Analysis by Jayronn Christian Bucu

Last update 15 February 2019
