[2018-10-20] Unknown->FalloutEK->GandCrab

October 20, 2018

Overview

The SAZ file is 2018-10-20_23-21-34.saz

(↓ Analysis result using EKFiddle)

Malware

GandCrab

229bd13628c1ae3e84a9c7860617b836accde4d932d2a2dc9db64e78c211da41
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//89.34.111.126:18001/in/kr/
↓
http[:]//37.1.221.103/123.php
↓
[Fallout Exploit Kit][Landing Page]
http[:]//myhouseincartoon.xyz/4n6Y/7479_halawi/7656/Xylosma?wkcapgkYK=corridor_10273_comitiva_Woodbind&Waspiest=slashes&KgRT=22-09-1965&vykH=UpCqcPd
↓
[Fallout Exploit Kit][Malware Payload]
http[:]//myhouseincartoon.xyz/pickwork/lararium/seginus_Forhooy_hieratica_Leasable_Piquero/Speciated_thrashers_Searness_Sulfatase_regears.cfml?lVbgWJGo=Strolling