[2017-11-06] Fobos->RigEK->Bunitu
Overview
Saz file is 2017-11-06_22-50-14.saz
(↓Analysis result using EKFiddle)
Malware
Bunitu
7a345e4ccf3477f4b71ef7640890e92b6f67118633477a1a769e35395cc23798
[Hybrid-Analysis] [VirusTotal]
Traffic-Chain
[Fobos]
http[:]//newbent.info/
↓
[Fobos]
http[:]//51lkhgfhdj.pw/fia/?re=611659433605
↓
[RigEK][Landing Page]
http[:]//92.53.97.75/?NTMyNjE2&NMKSUKZGVub21pbmF0aW9uc1RDcnFZaXJlaQ==ZGVub21pbmF0aW9ucw==&gqYVqZUfzcoC=YXR0YWNrcw==&sghjdfgdfd=xH3QMrTYbR3FFYffKP_EUKZEMUvWA0OKwYuZharVF5yxFDTGpbL1Fx7spV-dCFiEmvdvdLcHIwKh1UfA&KiDcldIstHnKHh=dW5rbm93bg==&sfghfgdhs=SwBimo9eBlgWoqqqjETTnBWc1JOLqRSIZQlHrJCRF7I42FimzLNCds8kwxPQ4GRTnustYlkgpQ5R2a_I&oQUIyisfqjn=Y2FwaXRhbA==&ASFzGuXRDrmsLsd=bWlzc2luZw==&OwOIZNOyljtuPug=bG9jYXRlZA==&dZRCGlAy=dW5rbm93bg==&CmyHDJQfYHaHfi=cmVwb3J0&keKrqNr=YXR0YWNrcw==&XRDKiLag=ZGVub21pbmF0aW9ucw==&ocRsOaaYPAiid=ZGVub21pbmF0aW9ucw==&XtQviIfql=YXR0YWNrcw==&yjyYwvQa=ZGVub21pbmF0aW9ucw==&oTiWWDmDbG9jYXRlZA==
↓
[RigEK][SWF Payload]
http[:]//92.53.97.75/?MjU4Mzc3&cZByRgHY2FwaXRhbHh5TXRhcEF4WVY=cmVwb3J0&AZqCMivhbX=cmVwb3J0&xYOLBazdS=Y2FwaXRhbA==&NuVGdtj=YXR0YWNrcw==&xVpswxjhoVZiY=cmVwb3J0&JHjbeGlmVgmdfk=cmVwb3J0&wdEMKyqiYpzA=ZGVub21pbmF0aW9ucw==&twRFiLpQVqVBC=YXR0YWNrcw==&sghjdfgdfd=xXrQMvWebRXQD53EKvrcT6NBMVHRGECL2YudmrHSefjaflWkzrDFTF_2ozKASASG6_BtdfJRDQ&eCwLTJyCdsjpfm=bG9jYXRlZA==&sfghfgdhs=Dnj0bUfgc0mIxeVA8T9f2n2kXQzRSf05OB-BaNMgtGqZSWF7Vp21T2nbIkd8IixB-K61ETi-5L&KetgiXSSvjbuz=Y2FwaXRhbA==&WjJUhcrfRcHR=Y2FwaXRhbA==&MJtUHmNc=bWlzc2luZw==&BhRKRLSUdXLfFCH=c3Rvcm1lZA==&AxLSpFRlTZoTAdW5rbm93bg==