[2018-01-26] Seamless->RigEK->GandCrab

January 26, 2018

Overview

Saz file is 2018-01-26_19-47-00.saz

(↓Analysis result using EKFiddle)

Malware

GandCrab

03d68025f52d0930a99a67264a3ddad43d0a8bc9ffa0503e603311a43da1ca28
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Seamless]
http[:]//xn--80abmi5aecft.xn--p1acf/gav4.php
↓
[RigEK][Landing Page]
http[:]//5.23.55.131/?MjI3MTI0&TsxqFhQQLnl&NgOYJnRVCskDXRw=YXR0YWNrcw==&jJdWDAlRfSk=bWlzc2luZw==&KEIEgVwnKA=YXR0YWNrcw==&HekxwSAZlGATY=bG9jYXRlZA==&asdsdfs3gd=m2DpvYveOcDPQqyi0zVeAI3nI1bWlsRpar9ikXcyx6a0ZLT-x2NUTp1u9CWUbI&OFExQt=bG9jYXRlZA==&OEjKJgYGQczNTx=c3Rvcm1lZA==&cbDcBhSvxL=cmVwb3J0&SjUCnRgOdYTWj=c3Rvcm1lZA==&VeWoXKdTW=dW5rbm93bg==&FbOmilojOrLWj=YXR0YWNrcw==&IQPtfN=YXR0YWNrcw==&cbfgfsdsdfd=wXrQMvXcJwDQDobGMvrESLtGNknQA0KK2Iv2_dqyEoH9eGnihNzUSkr26B2aC&EGtranqB=c3Rvcm1lZA==&mTsuVgaAEQTpSBf=bG9jYXRlZA==&nmkKcZomJXs=bG9jYXRlZA==&CJkPnlofNL=c3Rvcm1lZA==&CfVQWQsp=ZGVub21pbmF0aW9ucw==&yNvQsIcCsfBHsk=Y2FwaXRhbA==&lvdxYitOfkhvmeH=ZGVub21pbmF0aW9ucw==&tSOPVmNeFCj=dW5rbm93bg==&BuhrfMtTZBfoLUF=bWlzc2luZw==
↓
[RigEK][SWF Payload]
http[:]//5.23.55.131/?NTU2Njgz&BFXgglmB&AWNBhfoXrRLEBog=bWlzc2luZw==&sRLmeo=ZGVub21pbmF0aW9ucw==&dbaesmvSoNJZa=dW5rbm93bg==&fjKNBeElkVdK=c3Rvcm1lZA==&Lwfjomq=dW5rbm93bg==&ojKRHANEYpayR=YXR0YWNrcw==&JfqSAuLtMlarlq=bWlzc2luZw==&rxHGzcaLihytUx=dW5rbm93bg==&zUyqdwirNlb=cmVwb3J0&BMjfPbl=c3Rvcm1lZA==&piQbrJ=cmVwb3J0&DPDRicHs=bWlzc2luZw==&jqkqLyjueSTsAH=Y2FwaXRhbA==&yQVWxBvACgI=bG9jYXRlZA==&DQMiSRWTVqos=bWlzc2luZw==&cEcRfCLDTPZc=YXR0YWNrcw==&RugvnSIFJynIOm=bWlzc2luZw==&asdsdfs3gd=DpvUveOcDPQqyjkzVeAI3nI1eWlsRpar9ikXcyx6a0ZLT-R2NUQJC-5CRJPJ8jm0&cbfgfsdsdfd=wXrQMvXcJwDQDobGMvrESLtGNknQA0KK2Iv2_dqyEoH9eGnihNzUSkrw6B2aCm2&PlCOnKCBTmtBN=YXR0YWNrcw==&bvulghNk=bG9jYXRlZA==&vHcfWRjYRordJjr=bWlzc2luZw==
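
The Rig EK query strings above have a recognisable shape: two bare tokens, then a long list of random parameter names whose values are base64 (standard padding, a small dictionary of English words repeated across requests), plus a couple of opaque URL-safe-base64 blobs (`asdsdfs3gd`, `cbfgfsdsdfd`). The Seamless gate sits on a punycode (`xn--`) domain. The script below is an added example, not code from the original post or from EKFiddle: it copies the landing URL and gate host from the chain above (with the `http[:]//` defanging undone), base64-decodes every query value it can, separates the dictionary words from the opaque blobs, and converts the IDN labels to Unicode. The helper names (`decode_b64_word`, `parse_rig_landing`, `rig_summary`, `decode_idn`) are my own.

```python
"""Decode the Seamless gate host and the Rig EK landing URL from the chain.

Added example; the URL and host are copied from the post's traffic chain
(defanged "http[:]//" restored), the helper names are my own.
"""
import base64
from urllib.parse import urlsplit

# Seamless gate host from the chain above (IDNA / punycode labels).
SEAMLESS_GATE = "xn--80abmi5aecft.xn--p1acf"

# Rig EK landing URL from the chain above, split only for line length.
RIG_LANDING = (
    "http://5.23.55.131/?MjI3MTI0&TsxqFhQQLnl&NgOYJnRVCskDXRw=YXR0YWNrcw=="
    "&jJdWDAlRfSk=bWlzc2luZw==&KEIEgVwnKA=YXR0YWNrcw==&HekxwSAZlGATY=bG9jYXRlZA=="
    "&asdsdfs3gd=m2DpvYveOcDPQqyi0zVeAI3nI1bWlsRpar9ikXcyx6a0ZLT-x2NUTp1u9CWUbI"
    "&OFExQt=bG9jYXRlZA==&OEjKJgYGQczNTx=c3Rvcm1lZA==&cbDcBhSvxL=cmVwb3J0"
    "&SjUCnRgOdYTWj=c3Rvcm1lZA==&VeWoXKdTW=dW5rbm93bg==&FbOmilojOrLWj=YXR0YWNrcw=="
    "&IQPtfN=YXR0YWNrcw=="
    "&cbfgfsdsdfd=wXrQMvXcJwDQDobGMvrESLtGNknQA0KK2Iv2_dqyEoH9eGnihNzUSkr26B2aC"
    "&EGtranqB=c3Rvcm1lZA==&mTsuVgaAEQTpSBf=bG9jYXRlZA==&nmkKcZomJXs=bG9jYXRlZA=="
    "&CJkPnlofNL=c3Rvcm1lZA==&CfVQWQsp=ZGVub21pbmF0aW9ucw==&yNvQsIcCsfBHsk=Y2FwaXRhbA=="
    "&lvdxYitOfkhvmeH=ZGVub21pbmF0aW9ucw==&tSOPVmNeFCj=dW5rbm93bg=="
    "&BuhrfMtTZBfoLUF=bWlzc2luZw=="
)


def decode_b64_word(value):
    """Base64-decode value (standard or URL-safe alphabet, missing padding
    tolerated). Return the text only if it is printable ASCII, else None,
    so random binary blobs are not mistaken for dictionary words."""
    if not value:
        return None
    padded = value + "=" * (-len(value) % 4)
    for altchars in (None, b"-_"):
        try:
            raw = base64.b64decode(padded, altchars=altchars, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            continue
        if raw and all(32 <= b < 127 for b in raw):
            return raw.decode("ascii")
    return None


def parse_rig_landing(url):
    """Split a Rig EK request into bare tokens and name=value fields.
    The query is split by hand rather than with parse_qsl so that '+'
    inside base64 values is not turned into a space."""
    parts = urlsplit(url)
    bare, fields = [], []
    for field in parts.query.split("&"):
        name, sep, value = field.partition("=")
        if not sep:
            bare.append((name, decode_b64_word(name)))
        else:
            fields.append((name, value, decode_b64_word(value)))
    return {"host": parts.hostname, "bare": bare, "fields": fields}


def rig_summary(url):
    """Reduce a parsed Rig EK URL to the features an analyst looks at:
    the leading token, how many values are dictionary words, which
    words, and which parameters carry opaque (non-word) blobs."""
    parsed = parse_rig_landing(url)
    words = [d for _, _, d in parsed["fields"] if d is not None]
    return {
        "host": parsed["host"],
        "bare": parsed["bare"],
        "first_token": parsed["bare"][0][1] if parsed["bare"] else None,
        "word_fields": len(words),
        "dictionary": sorted(set(words)),
        "opaque": [n for n, _, d in parsed["fields"] if d is None],
    }


def decode_idn(host):
    """Convert each xn-- (punycode) label to Unicode; a label that does
    not decode cleanly is kept as-is rather than aborting the whole host."""
    out = []
    for label in host.split("."):
        if label.lower().startswith("xn--"):
            try:
                label = label.encode("ascii").decode("idna")
            except UnicodeError:
                pass
        out.append(label)
    return ".".join(out)


if __name__ == "__main__":
    print("Seamless gate:", SEAMLESS_GATE, "->", decode_idn(SEAMLESS_GATE))
    summary = rig_summary(RIG_LANDING)
    for key, val in summary.items():
        print(f"{key}: {val}")
    for name, value, decoded in parse_rig_landing(RIG_LANDING)["fields"]:
        print(f"  {name} = {value[:24]:<24} -> {decoded}")
```

Running it on the SWF request URL above gives the same shape: a leading numeric token, the same eight-word dictionary (attacks, missing, located, stormed, report, unknown, denominations, capital), and the same two opaque parameter names `asdsdfs3gd` and `cbfgfsdsdfd`, which is the kind of structural regularity a URL-based Rig EK detection rule keys on instead of the ever-changing parameter names.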