[2018-01-30] Seamless->RigEK->Ramnit

January 30, 2018

Overview

The SAZ (Fiddler session archive) file is 2018-01-30_23-53-32.saz

(Analysis result using EKFiddle; screenshot not included here)

Malware

Ramnit

e114e6792f3cbef8396704e9aa5a95d5b391ffe515a4c587184b67d5408e8c9a
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Seamless]
http[:]//xn--80acvhc3abphaf7h.xn--p1ai/redirect.php
↓
http[:]//jusilined-plevel.com/voluum/b3de3e7d-21ad-48e7-8b0f-86fa2152bef0
↓
http[:]//redirect.jusilined-plevel.com/redirect?target=BASE64aHR0cDovL3huLS04MGFoYzVhZGViYnhrYjVkLnhuLS1wMWFpL2dhdjIucGhw&ts=1517324153049&hash=poUydF0QO-hUQX2L3Sikhx_Q2g1XDtnNfcCMAjes6cw&rm=D
↓
[Seamless]
http[:]//xn--80ahc5adebbxkb5d.xn--p1ai/gav2.php
↓
[RigEK][Landing Page]
http[:]//176.57.220.44/?MzQ0ODY3&maCFKxJDPu&GvaaJElbCkrAft=bG9jYXRlZA==&dSsLmZiWOfcCtPs=ZGVub21pbmF0aW9ucw==&HuGxJPWgOo=dW5rbm93bg==&lsYYpXVckPJ=YXR0YWNrcw==&dfg4fd=h86Ioe-RRNAvoixOGKFBhlI1VAFpF8aqqj0ncyBKVhpaHrB3bNw51z6LRVvQ-2w&sdfgf3=wHjQMvXcJwDJFYbGMvrETaNbNknQA0KPxpH2_drUdZqxKGni1eb5UUSk6FuCEh3&mkPpizwYsHbrIkt=c3Rvcm1lZA==&NXZWMmUGX=bG9jYXRlZA==
↓
[RigEK][SWF Payload]
http[:]//176.57.220.44/?MzY0NjY0&LjSYnUvzNYAZx&sdfgf3=w3rQMvXcJxvQFYbGMvjDSKNbNkvWHViPxoqG9MildZuqZGX_k7fDfF-qoV7cCgWRxfA&dfg4fd=rfOQGPAfohUzWfQAyyY5VWllB9_-ojUfUwR-dhJOL_BDcaQ4TqaKSFrc531jFjLJTJvs&OcGYeTGenecxm=dW5rbm93bg==&bTgeiSkcmIZuxY=YXR0YWNrcw==&LSVGBQfHKmlZFy=bWlzc2luZw==&blyWkfdvMQe=bG9jYXRlZA==&kGNJaHK=cmVwb3J0&QfOsWUZ=bG9jYXRlZA==