[2017-12-06] KaiXinEK->Gh0stRAT

December 06, 2017

Overview

The SAZ file is 2017-12-06_22-53-44.saz

(↓Analysis result using EKFiddle)

Malware

Gh0st RAT

b739076d107965600dfdb92536faa8638deb6d0dcfba5fc6e653ec12853c215c
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[KaiXinEK][Landing Page]
http[:]//korearac.com
↓
[KaiXinEK][SWF Loader]
http[:]//korearac.com/XgQsXo.html
↓
[KaiXinEK][SWF Payload]
http[:]//korearac.com/bin_do.swf

[KaiXinEK][Landing Page]
http[:]//korearac.com
↓
[KaiXinEK][CVE-2016-0189]
http[:]//korearac.com/RuUhUv.html