[2018-02-09] Slots->GrandSoft->Miner

February 09, 2018

Overview

The SAZ file is 2018-02-09_20-05-18.saz

(Analysis result using EKFiddle)

Malware

Coin Miner

d140b77968545f38f0db6732b333fa224035ad1815a3e3aaeda576c7f8a1a7be
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Slots]
http[:]//theslotmachina.bid/camp2?source={zoneid}&cost={cost}
↓
[GrandSoft][Landing Page]
http[:]//dart.wyn-fyctunnelswc.xyz/godly-prepconstructing
↓
[GrandSoft][CVE-2016-0189]
http[:]//dart.wyn-fyctunnelswc.xyz/getversionpd/null/18A0A0A160/null/null