[2017-12-13] Ngay->RigEK->QuantLoader->Miner

December 13, 2017

Overview

SAZ (Fiddler capture) file: 2017-12-13_09-59-03.saz

(Analysis result using EKFiddle; screenshot not reproduced here)

Malware

QuantLoader

527a757c937ad6a7a8b3f2f4fec261db3af4c10657414450085079bdd2a69715
[Hybrid-Analysis] [VirusTotal]

C2: ngay16.ru (165.227.195.252), 67.205.149.140

Coin Miner

7f55ffb0790a62ae0eb993bd241dd5234f67d1da0f5cf4c591f719b0f299631e
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Ngay]
http[:]//nitroico.stream/ico
↓
[Ngay]
http[:]//174.138.32.62/?_subid=pjhaof1b05p5ts5gu&_token=uuid_pjhaof1b05p5ts5gu_pjhaof1b05p5ts5gu5a307bb985ae04.07318436
↓
[RigEK][Landing Page]
http[:]//5.23.48.155/?NjA5MTY2&tTkWVMaYXR0YWNrc3NiS2RRVkNFY0FBT05jVQ==bWlzc2luZw==&ziFpFsusJgCeuWb=ZGVub21pbmF0aW9ucw==&hmfocpqDG=bWlzc2luZw==&pgNiYeBRvayLiK=dW5rbm93bg==&cBzGlnUTRqsTqz=bG9jYXRlZA==&MfNqLjuotW=bG9jYXRlZA==&ssddfgdf=xHzQMrLYbRzFFYffKPjEUKZEMU7WA0OKwYyZha_VF52xFDTGpbH1FxnspVmdCFiEmvFvdLYHIwKh1UTA&gLXPhSxDHLZA=dW5rbm93bg==&FPhPkcBrfAVO=bWlzc2luZw==&KOoHDwzbZhN=cmVwb3J0&CkCtnd=dW5rbm93bg==&bCdrjsPOKOl=bWlzc2luZw==&aAApGoxFsZwN=ZGVub21pbmF0aW9ucw==&AjuULgcZEJXVod=bG9jYXRlZA==&fgdfgfdgh=Swdmm4xeW1sToaut3UKBzxSZ1paGrhfZNwhBqZGSRrI6jlmhybQSJsp2lhXU6GJRnuktYl4gpQhR2avI&IitBqMvBJqnKDkdY2FwaXRhbA==
↓
[RigEK][SWF Payload]
http[:]//5.23.48.155/?MjE3ODg3&XAAHVaXzpxpLfedW5rbm93bm13ek51dnloSUZkZGVub21pbmF0aW9ucw==&qJJvAqDoAPwIPh=bWlzc2luZw==&EGcHmXpjGf=dW5rbm93bg==&wOqbvsIHqYRXdF=dW5rbm93bg==&ssddfgdf=xH3QMrPYbRzFFYPfKP_EUKZEMUvWA0WKwYuZhavVF52xFDfGpbL1Fx7spVydCF-EmvdvdLEHIweh1UDASwd&ZkuMFcF=cmVwb3J0&XJPEmUDSbgJJ=bG9jYXRlZA==&alOrvjeYn=bWlzc2luZw==&iNjlhhaKPswx=c3Rvcm1lZA==&sLIZXCTurkvM=Y2FwaXRhbA==&uTclQf=dW5rbm93bg==&ZrLaxvKjJEiaHl=cmVwb3J0&fgdfgfdgh=mm4peW1gToa2t3UCBzxKZ1pSGrhTZNw9BqZaSRrA6jl6hybQSJs92lhXU6GJRnustVFgY5wsWmK_7VaCO-w&WCduYO=Y2FwaXRhbA==&TZqddUmk=cmVwb3J0&nQIOqpKrnjHLyc3Rvcm1lZA==