[2017-12-02] Ngay->RigEK->QuantLoader->Miner

December 02, 2017

Overview

The Fiddler session archive (SAZ) for this capture is 2017-12-02_13-34-44.saz

(↓Analysis result using EKFiddle)

Malware

QuantLoader

8b29185ed15cc6641a0d106472a9d794dd456c75d3b64ab579778f584ea40efc
[Hybrid-Analysis] [VirusTotal]

C2: ngay16.ru (165.227.195.252), 67.205.149.140

Coin Miner

94a48d5a537379a1fef9cc1a3e33e747990f81a44fc07b3c694328778782887a
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Ngay]
http[:]//tds21.tk/ads
↓
[Ngay]
http[:]//testcamp20.ga/
↓
[RigEK][Landing Page]
http[:]//188.225.11.42/?NTMxMTk4&AGBcPsUCycmVwb3J0RW1zRUFUbUhLYXR0YWNrcw==&bBywBP=ZGVub21pbmF0aW9ucw==&jRRNgaRfqYZ=c3Rvcm1lZA==&vBHvORBEw=c3Rvcm1lZA==&ghjghjfdg=xHrQMrPYbRvFFYHfKP7EUKREMUrWA0SKwY-Zha_VF5-xFDPGpbf1FxzspV-dCF6EmvJvdLcHIwGh1UfA&qpAZnzrGgMVeGU=YXR0YWNrcw==&gQFQvGg=YXR0YWNrcw==&eZqhUXB=bG9jYXRlZA==&rSnvUOTqqI=bWlzc2luZw==&czleoB=YXR0YWNrcw==&tesdfzxc=SwcwyY9cBlkRpKv6hkDczBLK05XT-BaEZghE-JGUFrU5jVygy7QUdMguzhKH6GVZyOktYlkgpQtR2a3I&YrsHvoXUZeVoIpD=c3Rvcm1lZA==&PqelQJ=dW5rbm93bg==&LhcUHuNUPHI=bG9jYXRlZA==&dWqzKhbpDtpG=dW5rbm93bg==&BtvIkJCWZGVub21pbmF0aW9ucw==
↓
[RigEK][SWF Payload]
http[:]//188.225.11.42/?NTQ1OTUz&UsuxTqsTiFQpZRbWlzc2luZ21zWWxFSG9lUllad2lNbg==ZGVub21pbmF0aW9ucw==&SwRkMrTWsqyVtX=c3Rvcm1lZA==&AJjbxCCcy=bWlzc2luZw==&gJupSHkyvzXWD=YXR0YWNrcw==&CrTBOs=Y2FwaXRhbA==&yAdlXpnX=c3Rvcm1lZA==&oRZxyYQDsgL=bWlzc2luZw==&ghjghjfdg=xHrQMrXYbRzFFYDfKPjEUKZEMUrWA0eKwYqZha3VF5qxFDTGpbb1Fx7spVydCFyEmvFvdLcHIwGh1UHASwY&eYBtQiE=c3Rvcm1lZA==&BWUZRnXhubf=cmVwb3J0&AUGNxBtRMONwlca=ZGVub21pbmF0aW9ucw==&tesdfzxc=wyY1cBlsRpKv6hkTczBTK05PT-BCEZglE-JeUFrI5jVygy7UUdM4uzhSH6GBZyOgtW1gT4QsSma_7VaWO-w&mDUGukvVKwoDR=ZGVub21pbmF0aW9ucw==&emBHvvzSmKE=Y2FwaXRhbA==&WSLIoGiinVG=dW5rbm93bg==&HBXYTQYXR0YWNrcw==