[2017-11-03] Fobos->RigEK->Bunitu

November 03, 2017

Overview

Saz file is 2017-11-03_00-30-30.saz

Malware

Bunitu

0850b2a29756d05da40c768f3029d329b4e53b33513072f5f73a1f4fca407629
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Fobos]
http[:]//girlsonewise.info/
↓
[Fobos]
http[:]//56ikujyth.pw/range/index.php?ps=491625354885
↓
[RigEK][Landing Page]
http[:]//188.225.84.101/?NjI3Nzg4&RINyhhKmblXqDGZGVub21pbmF0aW9uc2FkaExQVEJ0c3Rvcm1lZA==&qjYsLHmmib=c3Rvcm1lZA==&qTVVwnWA=dW5rbm93bg==&XBpykYY=bG9jYXRlZA==&vbgfjhgsds=x3rQdfWZaRyPCYjFM_jdTaFGMUzOGUeIwYufnrDSF5qofzajz7aSFhzw6VmtTzvVgfBOKbZUIgCyiBqEOQE0n-FZEFlK8_6qkEKVzU6YwJ&umfTBKorIP=bG9jYXRlZA==&AsjmGQGHeW=Y2FwaXRhbA==&SXnOybkOkjgWQsj=cmVwb3J0&aVBsfAMIWGEB=dW5rbm93bg==&JJABHNqfOBT=cmVwb3J0&LdLzEFzpFuQY=Y2FwaXRhbA==&aksdgffxv=Oy-BWOZg9E-5KQQLQ621nxzbQSc8kjkhOF7TVTyu4VVlsU5w8VmanPF6KfrhN1UkZkVV7KfZ10pU7HVyLgNTx3g_KLRQt2q-uK8rVw2ZMu&KjnrNPfTM=Y2FwaXRhbA==&kRhjDNU=bG9jYXRlZA==&CvUVFhBwN=YXR0YWNrcw==&galbScJFBQNldPxZGVub21pbmF0aW9ucw==
↓
[RigEK][SWF Payload]
http[:]//188.225.84.101/?NDk2OTQx&pcwQShoDUVOXobG9jYXRlZGRrckZiV1hLR0RQY2FwaXRhbA==&WwcWVcjApLIB=bWlzc2luZw==&JBatwUOlkA=Y2FwaXRhbA==&vNTqyv=bG9jYXRlZA==&FtIBPKxKNGlcsTE=dW5rbm93bg==&wVQFBtIbxIQ=bWlzc2luZw==&SPXOuYMvHBUP=cmVwb3J0&lsVEaXbJO=bWlzc2luZw==&lLoOQSfovjjF=dW5rbm93bg==&vbgfjhgsds=xXrQMvWfbRXQCZ3EKvjcT6NBMVHRGUCL2Y2dmrHVefjaeFWkzrbFTF_2ozKATwSG6_ZtdfJVDQ&yahSwcG=bG9jYXRlZA==&WSrZyamFmChmLaK=c3Rvcm1lZA==&glpCZiSy=Y2FwaXRhbA==&CeDryCdUkEPZ=Y2FwaXRhbA==&aksdgffxv=PmjkSALwFgmIxYVFhG8q76iETdyBCYhpCD-EPeZwkTrMCQRuI83FXzzbQkc8MixBKA6lETi-9L&zjhOlEFdLcmVwb3J0