[2018-02-05] Fobos->RigEK->Bunitu

February 05, 2018

Overview

The Fiddler capture (saz file) for this traffic is 2018-02-05_23-52-08.saz

(Analysis result using EKFiddle: screenshot not reproduced here)

Malware

Bunitu

16f02eb3030f5aa563d547218c449a2ecb4bf71c9a26f01c5898e50474c791ca
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Fobos]
http[:]//casinosmrt.info/
↓
[Fobos]
http[:]//39kfjfjfjff1.info/0ex5b/?eet=983968330110
↓
[RigEK][Landing Page]
http[:]//188.225.26.249/?NjIyMDYw&FPNJjMAQN&TIwixFiN=cmVwb3J0&SLaeymJyI=bG9jYXRlZA==&xEFLmb=cmVwb3J0&HaJfUVvzhQCHUe=dW5rbm93bg==&dfg434g=w3vQMvXcJxrQFYbGMvjDSKNbNkzWHViPxoiG9MildZ2qZGX_k7XDfF-qoV7cCgWR&fsdfdgdf=xfV7f7VUOgDgi02DcgFplYlbWl4R_6D43UTSmxKYiJPQ-hOOaQlD-6KlJLV_mhj2&PbwmkTSsHQteu=cmVwb3J0&TlqEmudzeB=YXR0YWNrcw==
↓
[RigEK][SWF Payload]
http[:]//188.225.26.249/?MTgzNjc5&unpfVQwHkQnFiQ&TyPvOgWdoYFYs=cmVwb3J0&utFvsCKpfYFEl=bG9jYXRlZA==&QXsSxAiGhUwNtNG=ZGVub21pbmF0aW9ucw==&eTbTaYWpXCnp=bWlzc2luZw==&XbvKHA=c3Rvcm1lZA==&fsdfdgdf=zjkKEfAFgmoZeUVMb86CpiELdyx6YicHR_hLfZQ5B98CWE7c43VXzy7QkdsghzxKF7FETi-5LYg&gxGZUghB=c3Rvcm1lZA==&dfg434g=xXvQMvWZbRXQCZ3EKv7cT6NBMVHRGUCL2YudmrHVefjaeFWkzrDFTF_2ozKATwSG6_dtdfJUDVW
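The two Rig EK URLs above share a visible shape: a bare IP host, a leading bare base64 token, several parameters whose values are plain base64 English words (cmVwb3J0 is "report", bG9jYXRlZA== is "located", and so on), and two long URL-safe base64 blobs under the parameter names dfg434g and fsdfdgdf. The script below is an added example (not part of the original post and not EKFiddle's own logic) that decodes those query strings and scores the three URLs from the chain against that shape; the thresholds and the names parse_rig_url and looks_like_rig are assumptions derived only from these samples, not a published signature.

```python
"""Decode and score the Rig EK URLs from this post's traffic chain.

Added example, not part of the original post or of EKFiddle.  The three
URLs are copied from the Traffic-Chain section with the defanging "[:]"
restored to ":".  The scoring thresholds are assumptions derived only
from these two Rig samples, not a vendor rule.
"""
import base64
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# URLs copied from the Traffic-Chain section (defanging removed).
GATE_URL = "http://39kfjfjfjff1.info/0ex5b/?eet=983968330110"
LANDING_URL = (
    "http://188.225.26.249/?NjIyMDYw&FPNJjMAQN&TIwixFiN=cmVwb3J0"
    "&SLaeymJyI=bG9jYXRlZA==&xEFLmb=cmVwb3J0&HaJfUVvzhQCHUe=dW5rbm93bg=="
    "&dfg434g=w3vQMvXcJxrQFYbGMvjDSKNbNkzWHViPxoiG9MildZ2qZGX_k7XDfF-qoV7cCgWR"
    "&fsdfdgdf=xfV7f7VUOgDgi02DcgFplYlbWl4R_6D43UTSmxKYiJPQ-hOOaQlD-6KlJLV_mhj2"
    "&PbwmkTSsHQteu=cmVwb3J0&TlqEmudzeB=YXR0YWNrcw=="
)
SWF_URL = (
    "http://188.225.26.249/?MTgzNjc5&unpfVQwHkQnFiQ&TyPvOgWdoYFYs=cmVwb3J0"
    "&utFvsCKpfYFEl=bG9jYXRlZA==&QXsSxAiGhUwNtNG=ZGVub21pbmF0aW9ucw=="
    "&eTbTaYWpXCnp=bWlzc2luZw==&XbvKHA=c3Rvcm1lZA=="
    "&fsdfdgdf=zjkKEfAFgmoZeUVMb86CpiELdyx6YicHR_hLfZQ5B98CWE7c43VXzy7QkdsghzxKF7FETi-5LYg"
    "&gxGZUghB=c3Rvcm1lZA=="
    "&dfg434g=xXvQMvWZbRXQCZ3EKv7cT6NBMVHRGUCL2YudmrHVefjaeFWkzrDFTF_2ozKATwSG6_dtdfJUDVW"
)

# Long URL-safe base64 blobs (the opaque payload parameters); 40 is an assumed threshold.
_BLOB_RE = re.compile(r"^[A-Za-z0-9_-]{40,}$")


def _b64_text(token):
    """Decode a short standard-base64 token; return printable ASCII text, else None."""
    if not token or len(token) > 32:
        return None
    padded = token + "=" * (-len(token) % 4)
    try:
        # binascii.Error and UnicodeDecodeError are both ValueError subclasses.
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:
        return None
    return text if text.isprintable() else None


def parse_rig_url(url):
    """Extract the features that distinguish the Rig URLs in this post from the gate URL."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    try:
        ipaddress.ip_address(host)
        ip_host = True
    except ValueError:
        ip_host = False

    # First query component has no "="; in both samples it is base64 of a decimal id.
    leading_id = None
    if pairs and pairs[0][1] == "":
        text = _b64_text(pairs[0][0])
        if text and text.isdigit():
            leading_id = text

    words, blobs = [], {}
    for key, value in pairs:
        if not value:           # bare tokens (NjIyMDYw, FPNJjMAQN) carry no value
            continue
        text = _b64_text(value)
        if text and text.isalpha():
            words.append(text)  # dictionary-word padding parameters
        elif _BLOB_RE.match(value):
            blobs[key] = value  # dfg434g / fsdfdgdf style payload blobs
    return {"host": host, "ip_host": ip_host, "leading_id": leading_id,
            "words": words, "blobs": blobs}


def looks_like_rig(url):
    """Heuristic built from the two Rig URLs above (an assumption, not a vendor signature)."""
    f = parse_rig_url(url)
    return (f["ip_host"] and f["leading_id"] is not None
            and len(f["words"]) >= 2 and len(f["blobs"]) >= 1)


if __name__ == "__main__":
    for name, url in (("gate", GATE_URL), ("landing", LANDING_URL), ("swf", SWF_URL)):
        f = parse_rig_url(url)
        print(f"{name:8} rig={looks_like_rig(url)!s:5} id={f['leading_id']} "
              f"words={f['words']} blobs={sorted(f['blobs'])}")
```

Running it shows the gate URL scoring as not Rig (no IP host, no decodable words, no blobs) while both Rig requests decode to the same word list style and carry the two long blobs; the repeated words ("report" three times in the landing request) are part of the pattern, so the list is kept unduplicated. The blobs are left undecoded on purpose: nothing on this page says what encrypts them, so the script only records their presence.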