[2018-11-21] HookAds->FalloutEK->AZORult->NetWireRAT

November 21, 2018

Overview

The SAZ file is 2018-11-21_00-18-18.saz

(Analysis result using EKFiddle)

Malware

AZORult

6776d43c7efd0000fdbbecadf2abbbc4b7ee8a7e4720f1d40a2038522f36895d
[Hybrid-Analysis] [VirusTotal]

NetWire RAT

f26073f074041870ed10d94b8060929af4116b3e34f5c4c2c91f011b803b4d37
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//datitngforllives.info/?act-mix&source=107084.109660_435650
↓
https[:]//www.abrcizanie.pro/unlimited/aboutus
↓
[Fallout Exploit Kit][Landing Page]
http[:]//getouthere.pw/GUSqgg/retallies-Dewiest.html
↓
[Fallout Exploit Kit][Malware Payload]
http[:]//getouthere.pw/13-01-2014/Whaleman_undereyed_homelife_Mooters_Unpaneled