[2018-04-11] Fobos->RigEK->Bunitu

April 11, 2018

Overview

Saz file is 2018-04-11_23-57-20.saz

(Analysis result using EKFiddle)

Malware

Bunitu

26b6b61dd707502f031672ffd0615bc345e76a274a371ff3fa293f7032fb705c
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[Fobos]
http[:]//returnmanworld.net
↓
[Fobos]
http[:]//domslavp.info/7azfv6/index.php?s=3384756709?
↓
[RigEK][Landing Page]
http[:]//185.154.53.57/?NTI0MzA3&DxIevAPa&pWwwcmz=bW9uZXk=&CiQQWwtnrrHx=Zmx5&hRLJPYupeKmBgo=Y2F0cw==&SKFUyYMtjpXjRWz=c2Vh&RVkDEaCZp=Zmx5&pvdklWoarHD=Zmx5&CqVXugjqujHc=cmVzb3J0&fdx3z=wnrQMvXcLBXQFYbBKuXDSKdDKU7WHEaVw4-YhMG3YprNfynz0-zURnLwtASVVFyRrbM&t4asgf=dKbBVPwDliECEKQE1yIcOUw8Q9P-t2EiGzRScgp6B-UCPNApGqsfGFLML6G2xy_NRcw
↓
[RigEK][SWF Payload]
http[:]//185.154.53.57/?NTQ4NjUz&hFAexuhGjo&RSrBmBwyzxvNdW=cmVzb3J0&KjKIxq=cmVzb3J0&ArZTWHXoGhuAczJ=c2Vh&QgqVdR=c3BvcnQ=&lRPgMpDCQlFl=bWF0Y2h1cA==&VlYbXnF=c2hha2U=&t4asgf=BVPwDiiECEKQY1yIcOUw8Q9P-s2EiGzRKcgp6B_ECPNApEqsfGFLUL21r9y7EUQIgmgECy&diOgabjLkUtHkj=c2Vh&fdx3z=wnrQMvXcLhXQFYbDKuXDSKRDKU7WH0aVw4-dhMG3YpzNfynz0-zURnLxtASVVFyRrbMdL7
↓
[RigEK][Malware Payload]
http[:]//185.154.53.57/?MjUxMzA0&DJonOxQSpiWKAY&rtJeiDdSsev=c2Vh&FmulPX=c2Vh&fdx3z=w3zQMvXcJxvQFYbGMvjDSKNbNkzWHViPxoyG9MildZqqZGX_k7DDfF-qoVncCgWRxfIvKL&ClzFqVhEctb=Zmx5&FgqMjNPUYJ=Y2F0cw==&hcxdLlUUbTkWFW=c2hha2U=&t4asgf=BTOAHkiRfULwFoz9teUVhFoaD9ikPVyx-f1ZWAqBXYNAsW_6KcHbIy0VT8xrIdQJZnxBey&DZXjVs=Zmx5&IjFWdfvBog=c3BvcnQ=
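The three RigEK URLs above share one structure: random-looking parameter names whose values are base64 of short English words, plus one or two long opaque blobs (`fdx3z`, `t4asgf`). The script below is an added example, not part of the original traffic analysis or of EKFiddle; it refangs the defanged URLs, decodes every base64 token that yields a plain word, and applies a small detection heuristic derived from these three URLs (the thresholds `min_words` and `min_blob_len` are assumptions chosen to fit the page's samples).

```python
import base64
import binascii
import re
import string
from urllib.parse import parse_qsl, urlsplit

# URLs copied from the traffic chain above (defanged with [:] exactly as on the page)
FOBOS_GATE = "http[:]//domslavp.info/7azfv6/index.php?s=3384756709?"
RIG_LANDING = ("http[:]//185.154.53.57/?NTI0MzA3&DxIevAPa&pWwwcmz=bW9uZXk=&CiQQWwtnrrHx=Zmx5"
               "&hRLJPYupeKmBgo=Y2F0cw==&SKFUyYMtjpXjRWz=c2Vh&RVkDEaCZp=Zmx5&pvdklWoarHD=Zmx5"
               "&CqVXugjqujHc=cmVzb3J0&fdx3z=wnrQMvXcLBXQFYbBKuXDSKdDKU7WHEaVw4-YhMG3YprNfynz0-zURnLwtASVVFyRrbM"
               "&t4asgf=dKbBVPwDliECEKQE1yIcOUw8Q9P-t2EiGzRScgp6B-UCPNApGqsfGFLML6G2xy_NRcw")
RIG_SWF = ("http[:]//185.154.53.57/?NTQ4NjUz&hFAexuhGjo&RSrBmBwyzxvNdW=cmVzb3J0&KjKIxq=cmVzb3J0"
           "&ArZTWHXoGhuAczJ=c2Vh&QgqVdR=c3BvcnQ=&lRPgMpDCQlFl=bWF0Y2h1cA==&VlYbXnF=c2hha2U="
           "&t4asgf=BVPwDiiECEKQY1yIcOUw8Q9P-s2EiGzRKcgp6B_ECPNApEqsfGFLUL21r9y7EUQIgmgECy"
           "&diOgabjLkUtHkj=c2Vh&fdx3z=wnrQMvXcLhXQFYbDKuXDSKRDKU7WH0aVw4-dhMG3YpzNfynz0-zURnLxtASVVFyRrbMdL7")
RIG_PAYLOAD = ("http[:]//185.154.53.57/?MjUxMzA0&DJonOxQSpiWKAY&rtJeiDdSsev=c2Vh&FmulPX=c2Vh"
               "&fdx3z=w3zQMvXcJxvQFYbGMvjDSKNbNkzWHViPxoyG9MildZqqZGX_k7DDfF-qoVncCgWRxfIvKL"
               "&ClzFqVhEctb=Zmx5&FgqMjNPUYJ=Y2F0cw==&hcxdLlUUbTkWFW=c2hha2U="
               "&t4asgf=BTOAHkiRfULwFoz9teUVhFoaD9ikPVyx-f1ZWAqBXYNAsW_6KcHbIy0VT8xrIdQJZnxBey"
               "&DZXjVs=Zmx5&IjFWdfvBog=c3BvcnQ=")

B64_TOKEN = re.compile(r"^[A-Za-z0-9_-]+={0,2}$")
WORD_CHARS = set(string.ascii_letters + string.digits)


def refang(url):
    """Undo the defanging used on the page so urllib can parse the URL."""
    return url.replace("[:]", ":").replace("[.]", ".")


def decode_token(token):
    """Return the plain alphanumeric word a (urlsafe) base64 token encodes, or None."""
    if not B64_TOKEN.match(token):
        return None
    padded = token + "=" * (-len(token) % 4)  # tolerate stripped padding
    try:
        raw = base64.urlsafe_b64decode(padded)
        text = raw.decode("ascii")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None
    return text if text and all(c in WORD_CHARS for c in text) else None


def parse_rig_url(url):
    """Return [(key, raw_value, decoded_word_or_None), ...] for every query parameter."""
    parsed = []
    for key, value in parse_qsl(urlsplit(refang(url)).query, keep_blank_values=True):
        token = value or key  # leading bare tokens such as NTI0MzA3 sit in the key slot
        parsed.append((key, value, decode_token(token)))
    return parsed


def decoded_words(url):
    """Map each query key to its decoded word, dropping parameters that are not base64 words."""
    return {key: word for key, _, word in parse_rig_url(url) if word is not None}


def looks_like_rig(url, min_words=4, min_blob_len=40):
    """Heuristic (assumed thresholds) matching the page's RigEK URLs:
    several short base64 words under random keys plus at least one long opaque blob."""
    parsed = parse_rig_url(url)
    words = [w for _, _, w in parsed if w is not None]
    blobs = [v for _, v, w in parsed if w is None and len(v) >= min_blob_len]
    return len(words) >= min_words and len(blobs) >= 1


if __name__ == "__main__":
    for label, url in (("Fobos gate", FOBOS_GATE), ("RigEK landing", RIG_LANDING),
                       ("RigEK SWF", RIG_SWF), ("RigEK payload", RIG_PAYLOAD)):
        print(f"{label}: rig-like={looks_like_rig(url)} words={decoded_words(url)}")
```

Decoding the short values gives ordinary words (money, fly, cats, sea, resort, sport, matchup, shake) and a six-digit number in the first bare token, while `fdx3z` and `t4asgf` never decode to text; the Fobos gate URL has neither property, so a proxy-log sweep with `looks_like_rig` separates the three RigEK requests from the redirector traffic in this capture.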