[2018-01-31] Fobos->RigEK->Bunitu

January 31, 2018

Overview

The SAZ file is 2018-01-31_09-59-50.saz.

[Figure: analysis result using EKFiddle]

Malware

Bunitu

291ce17d3c27e5af0fa9f1bef347110fc08742254ca07cbc590ff813b56b8717
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Fobos]
http[:]//freegamesxx.xyz/
↓
[Fobos]
http[:]//hfhfhhff1012.online/oag1m4p/?
↓
[RigEK][Landing Page]
http[:]//92.53.105.69/?NTk3NTgy&lvwnsDBLndMK&wCnHNoIz=cmVwb3J0&bxPJXKTCJNf=c3Rvcm1lZA==&MVERIKyObWhot=bG9jYXRlZA==&FYTDIun=bG9jYXRlZA==&dfgxcvsd4fd=xfUof-FSbgbn2xSGKAZon99VBllF9Kmm2kWEyUebgZTWrBOJMA5CqaKlJLd_mhj2&sdfxcvxcvgf3=w33QMvXcJxzQFYbGMv_DSKNbNkrWHViPxoqG9MildZ2qZGX_k7XDfF-qoVjcCgWR&dszjReMgHgqx=c3Rvcm1lZA==&ZkallbaMFBfeJXJ=Y2FwaXRhbA==