[2018-04-11] BlackTDS->GrandSoft->AZORult

April 11, 2018

Overview

The SAZ (Fiddler session archive) file is 2018-04-11_02-10-59.saz

(↓Analysis result using EKFiddle)

Malware

AZORult

e4daa916c744896f5b043c98961c0d08e328aa011a8f9317f655003eaac20b04
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[BlackTDS]
http[:]//crazyfrog.ml
↓
[GrandSoft Exploit Kit][Landing Page]
http[:]//akspfdhv-silo.organizersttoo.xyz/reenter_hallmarkenclosures.htm
↓
[GrandSoft Exploit Kit][CVE-2016-0189]
http[:]//akspfdhv-silo.organizersttoo.xyz/getversionpd/1/2/3/4
↓
[GrandSoft Exploit Kit][Malware Payload]
http[:]//akspfdhv-silo.organizersttoo.xyz/2/1638
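The chain above (TDS redirect, landing page, exploit request, payload download) can be recovered from proxy logs by classifying each URL against the stage patterns and following Referer links between them. The example below is added here and is not code from the original post or from EKFiddle; the hostnames are the page's own, while the path regexes, the log format and the log lines themselves are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Stage signatures taken from the chain documented above. Hostnames are the page's
# own; each path regex generalises the single observed URL for that stage (assumption).
STAGES = (
    ("BlackTDS",                r"^crazyfrog\.ml$",       r".*"),
    ("GrandSoft landing",       r"organizersttoo\.xyz$",  r"^/[a-z_]+\.htm$"),
    ("GrandSoft CVE-2016-0189", r"organizersttoo\.xyz$",  r"^/getversionpd(/\d+)+$"),
    ("GrandSoft payload",       r"organizersttoo\.xyz$",  r"^/\d+/\d+$"),
)

def refang(url: str) -> str:
    """Turn a defanged indicator such as http[:]//host into a parseable URL."""
    return url.replace("hxxp", "http").replace("[:]", ":").replace("[.]", ".")

def classify(url: str):
    """Return the chain stage matching this URL, or None if it is unrelated traffic."""
    parsed = urlparse(refang(url))
    for name, host_re, path_re in STAGES:
        if re.search(host_re, parsed.hostname or "") and re.match(path_re, parsed.path):
            return name
    return None

# Constructed proxy log lines (not from the page's saz file): client, URL, Referer.
SAMPLE_LOG = """\
10.0.0.5 http://crazyfrog.ml/ -
10.0.0.5 http://akspfdhv-silo.organizersttoo.xyz/reenter_hallmarkenclosures.htm http://crazyfrog.ml/
10.0.0.5 http://cdn.example.net/jquery.js http://crazyfrog.ml/
10.0.0.5 http://akspfdhv-silo.organizersttoo.xyz/getversionpd/1/2/3/4 http://akspfdhv-silo.organizersttoo.xyz/reenter_hallmarkenclosures.htm
10.0.0.5 http://akspfdhv-silo.organizersttoo.xyz/2/1638 http://akspfdhv-silo.organizersttoo.xyz/getversionpd/1/2/3/4
"""

def reconstruct_chain(log_text: str, client: str):
    """List the chain stages one client went through, in order, keeping only
    requests that were referred from an earlier stage (or are the TDS entry point)."""
    chain = []  # (stage, url) pairs already accepted
    for line in log_text.splitlines():
        ip, url, referer = line.split()
        stage = classify(url)
        if ip != client or stage is None:
            continue
        if stage == STAGES[0][0] or any(referer == seen_url for _, seen_url in chain):
            chain.append((stage, url))
    return [stage for stage, _ in chain]

if __name__ == "__main__":
    print(reconstruct_chain(SAMPLE_LOG, "10.0.0.5"))
```

A client whose log shows the landing page and exploit request but no payload download is worth checking for a blocked or failed exploit rather than dismissed.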