Sundown EK variant dropping a Cryptocurrency Miner
released on 2017-01-07 @ 01:40:56 AM
MalwareBytes recently encountered an atypical case of Sundown EK in the wild – usually the landing page is obfuscated, but in this case there was plain JavaScript. The exploit was dropping some malicious payloads that we took for further analysis. It turned out that they are also atypical by many means. In this article, we will describe the details of our investigation.