[2017-11-18] KaiXinEK->RAT

November 18, 2017

Overview

The SAZ file is 2017-11-18_15-24-08.saz

(↓Analysis result using EKFiddle)

Malware

RAT

f710f3c77276e7082d68d365413a658d80b6cac66c8b0c9a67b20426259a2035
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[KaiXinEK][Landing Page]
http[:]//googlw.info/11.7/
↓
[KaiXinEK][SWF Loader]
http[:]//googlw.info/11.7/RfVvPx.html
↓
[KaiXinEK][SWF Payload]
http[:]//googlw.info/11.7/bin_do.swf

[KaiXinEK][Landing Page]
http[:]//googlw.info/11.7/
↓
[KaiXinEK][CVE-2016-0189]
http[:]//googlw.info/11.7/OvTiFx.html