[2018-03-27] Seamless->RigEK->ZeusPanda
Overview
Saz file is 2018-03-27_00-11-51.saz
(↓Analysis result using EKFiddle)
Malware
Zeus Panda
8db8f6266f6ad9546b2b5386a835baa0cbf5ea5f699f2eb6285ddf401b76ccb7
[Hybrid-Analysis] [VirusTotal]
Traffic-Chain
[Seamless]
http[:]//rakamazinchuro.info
↓
[RigEK][Landing Page]
http[:]//176.57.217.177/?NTA3Mjgz&RKlcJtIRXgh&fsdff2g=wHjQMvXcJwDLFYbGMvrETaNbNknQA0WPxpH2_drSdZqxKGni1-b5UUSk6FmCEh3&iGiEyqugUducOsc=dW5rbm93bg==&tf3sdd=h8fUre-FZPgW1i02DfQ1onYgJUwkSo_2t3RTVnBXNg5fQ-RKFNAx1z6LRVvQ-2w&ZqdxXd=dW5rbm93bg==&aOYrFVmOjXRinVG=Y2FwaXRhbA==&jwRhQIEIoh=dW5rbm93bg==&QULFayGZd=bWlsaw==&cISdbrRWUin=Y29uc2lkZXI=&UwYuQwS=dW5rbm93bg==
↓
[RigEK][SWF Payload]
http[:]//176.57.217.177/?NDYyNDAz&SmeVOI&EOOtRY=dGhpbmdz&iqGGZDbdZCmsCEU=cmVwb3J0&oluwBacBDe=dW5rbm93bg==&HRVjwQfOtMp=dW5rbm93bg==&fsdff2g=wn3QMvXcLhXQFYbGKuXDSKBDKU7WHkaVw4-ahMG3YprNfynz1ezURnLwtASVVFmRrbMdKb&KxJXvdwA=dGhpbmdz&arCtNIKiG=Y2FwaXRhbA==&DGAkSBOGq=Y2FwaXRhbA==&tf3sdd=ZWa1DnhEaGLwBpn4hVVFMSo6io3UCBnRPP1ZfX-xbcYVhD-5WdQbIL2l72zLMUQIgigECy
↓
[RigEK][Malware Payload]
http[:]//176.57.217.177/?NjI5MTQ=&OChbIrKPCfgFvaT&ZbYSJvatbqkRhs=bG9jYXRlZA==&DWDwGZwaaMkR=cmVwb3J0&cmEHQAlmgkIg=Y2FwaXRhbA==&lHCyLTMoMoo=dW5rbm93bg==&ZndroCTCZVuNE=cG9wdWxhcg==&byCnxcSNI=bWlsaw==&tf3sdd=QDNAbiixGIeAFnlIdcBlwSpKj62keGnBbJg5HT_UeJZglNqqKcHbQy0VT8xrQdQJZnxBOy&fsdff2g=w33QMvXcJxvQFYbGMv7DSKNbNkzWHViPxoiG9MildZuqZGX_k7fDfF-qoV7cCgWRxfYpK-&qcpToXwMJp=bG9jYXRlZA==