[2018-03-14] Fobos->RigEK->Bunitu

March 14, 2018

Overview

The Fiddler session archive (.saz) for this capture is 2018-03-14_01-33-05.saz

(↓Analysis result using EKFiddle)

Malware

Bunitu

243358eb66e6f402c88497485180c9a3ecbd12ac92f4b8f4cb76ff0a7886c89b
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Fobos]
http[:]//freegogpcgames.pro/80230.677479
↓
[Fobos]
http[:]//53hshshshs.info/p6w2vx
↓
[Fobos]
http[:]//53hshshshs.info/p6w2vx/
↓
[RigEK][Landing Page]
http[:]//46.229.213.91/?NDQzNTQ3&BjAQPOXeW&RTCiILDeY=bG9jYXRlZA==&nx56sdsdbs=wnvQMvXcKxXQFYbGKuXDSKZDKU7WGUaVw4-chMG3YprNfynz0uzURnL2tASVVFmRrbM&vmWAySjsVW=dW5rbm93bg==&wWtEUBbBL=bWlsaw==&FjzjpFogoi=Y2FwaXRhbA==&eILjqP=Y2FwaXRhbA==&ivOLeIdZeGdAe=Y2FwaXRhbA==&JUdMlzJFeDggeRI=cG9wdWxhcg==&thdfvxasd32d=dKbRTa1XnhEKAeQZhnI1YUV4Wpauq30nSmhOYg5KE_kaLaFxG_8STHbQL6G2xy_NRcw
↓
[RigEK][Malware Payload]
http[:]//46.229.213.91/?NTYwNzA0&BTIxmgqP&yGEVnyra=dW5rbm93bg==&thdfvxasd32d=LBFka8K2ujEXVyRCfhZSG-BHfYw8U95eSR7U_21vwybVHds4ukRKCv2RWxe4tW14Z6AwalajCH6TAnUYtFEQxYQ&HJKEIYd=bG9jYXRlZA==&mDRBhxXbOEuA=cmVwb3J0&nYESvrQ=bWlsaw==&nx56sdsdbs=xHrQMrTYbRzFFYbfKP_EUKBEMUnWA0KKwYuZharVF5ixFDXGpbX1Fx7spV6dCFiEmvVvdLYHIwah1UHASwNnn4g&AIqxGUvMhtrZP=Y29uc2lkZXI=&rFAavVsyTDbZl=dW5rbm93bg==&uscYkDgHBiwgCX=cmVwb3J0
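The RigEK landing-page and payload URLs above carry their query string as a mix of short base64-encoded dictionary words and two long URL-safe base64 blobs. The script below is an added example, not code from the original post: it decodes each parameter with the Python standard library and separates the plain-word parameters from the opaque blobs. The only assumption is that the defanged "http[:]//" scheme is plain http; the two URLs are otherwise copied verbatim from the chain. The blobs decode to binary that this script does not try to interpret further.

```python
"""Decode the base64-style query parameters of the two RigEK URLs above.

Added example (not part of the original post). Standard library only, so it
runs offline. The URLs are the ones from the traffic chain with the [:]
defanging removed (assumption: plain http).
"""
import base64
import binascii
from urllib.parse import parse_qsl, urlsplit

# Copied from the traffic chain above; "http[:]//" restored to "http://".
LANDING_URL = (
    "http://46.229.213.91/?NDQzNTQ3&BjAQPOXeW&RTCiILDeY=bG9jYXRlZA=="
    "&nx56sdsdbs=wnvQMvXcKxXQFYbGKuXDSKZDKU7WGUaVw4-chMG3YprNfynz0uzURnL2tASVVFmRrbM"
    "&vmWAySjsVW=dW5rbm93bg==&wWtEUBbBL=bWlsaw==&FjzjpFogoi=Y2FwaXRhbA=="
    "&eILjqP=Y2FwaXRhbA==&ivOLeIdZeGdAe=Y2FwaXRhbA==&JUdMlzJFeDggeRI=cG9wdWxhcg=="
    "&thdfvxasd32d=dKbRTa1XnhEKAeQZhnI1YUV4Wpauq30nSmhOYg5KE_kaLaFxG_8STHbQL6G2xy_NRcw"
)
PAYLOAD_URL = (
    "http://46.229.213.91/?NTYwNzA0&BTIxmgqP&yGEVnyra=dW5rbm93bg=="
    "&thdfvxasd32d=LBFka8K2ujEXVyRCfhZSG-BHfYw8U95eSR7U_21vwybVHds4ukRKCv2RWxe4tW14Z6AwalajCH6TAnUYtFEQxYQ"
    "&HJKEIYd=bG9jYXRlZA==&mDRBhxXbOEuA=cmVwb3J0&nYESvrQ=bWlsaw=="
    "&nx56sdsdbs=xHrQMrTYbRzFFYbfKP_EUKBEMUnWA0KKwYuZharVF5ixFDXGpbX1Fx7spV6dCFiEmvVvdLYHIwah1UHASwNnn4g"
    "&AIqxGUvMhtrZP=Y29uc2lkZXI=&rFAavVsyTDbZl=dW5rbm93bg==&uscYkDgHBiwgCX=cmVwb3J0"
)


def decode_b64_token(token: str):
    """Decode standard or URL-safe base64 with optional padding; None if invalid."""
    std = token.replace("-", "+").replace("_", "/")
    if len(std) % 4 == 1:  # no valid base64 string has this length
        return None
    padded = std + "=" * (-len(std) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except binascii.Error:
        return None


def classify(raw: bytes) -> str:
    """'text' if every byte is printable ASCII (0x20..0x7E), else 'binary'."""
    return "text" if raw and all(0x20 <= b < 0x7F for b in raw) else "binary"


def decode_query(url: str):
    """Return one (name, kind, value) tuple per query parameter.

    kind is 'text' (value is the decoded ASCII word), 'binary' (value is the
    decoded length in bytes) or 'not-base64' (value is the raw token).
    Bare parameters with no '=' are decoded from their name.
    """
    rows = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        token = value or name
        raw = decode_b64_token(token)
        if raw is None:
            rows.append((name, "not-base64", token))
        elif classify(raw) == "text":
            rows.append((name, "text", raw.decode("ascii")))
        else:
            rows.append((name, "binary", len(raw)))
    return rows


def summarize(url: str) -> dict:
    """Split the decoded query into dictionary-word parameters and opaque blobs."""
    words, blobs = {}, {}
    for name, kind, value in decode_query(url):
        if kind == "text":
            words[name] = value
        elif kind == "binary":
            blobs[name] = value
    return {"words": words, "blobs": blobs}


if __name__ == "__main__":
    for label, url in (("landing page", LANDING_URL), ("payload", PAYLOAD_URL)):
        print(f"== {label} ==")
        for name, kind, value in decode_query(url):
            print(f"{name:16} {kind:10} {value}")
```

Running it shows that the short values are the filler words (located, unknown, milk, capital, popular, report, consider) and the leading bare parameter is a numeric string, while nx56sdsdbs and thdfvxasd32d decode to 50-byte blobs on the landing page and 65-byte blobs on the payload request; the decoded words and the blob lengths are what a detection rule for this family's URL pattern can key on, not the randomised parameter names.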