[2018-04-22] BlackTDS->RigEK->SmokeLoader->ZeusPanda

April 22, 2018

Overview

Fiddler session archive (.saz): 2018-04-22_00-06-38.saz

(Analysis result from EKFiddle, shown in the screenshot below)

Malware

SmokeLoader

SHA256: 5c6c28c902f9b4a972fc8fec200f5d682a2529d1509d7312b5acec6f661be2f3
[Hybrid-Analysis] [VirusTotal]

Zeus Panda

SHA256: 4db91a75578e7ba00c0d102eaebca6e5a60d935c83d40a63e89a2a875986f81f
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[BlackTDS]
http[:]//hellomykingo.cf
↓
[RigEK][Landing Page]
http[:]//46.30.47.164/?NDM2MTY5&IDIUtYpavme&EaUAoVXS=cmVzb3J0&bwEYjtVk=bWF0Y2h1cA==&GNLGVNhxw=bWF0Y2h1cA==&lPquHwX=c3BvcnQ=&srXOpH=cmVzb3J0&fsa3f=wn_QMvXcLhXQFYbCKuXDSKFDKU7WHEaVw4-YhMG3YprNfynz0OzURnLwtASVVF6RrbM&t4aaf=dLuNTbwDgjkeELwRlyt9aUVxH_v2tiEfUzReZ0ZWC_EeJNA1B_5uXQLIL6G2xzfNRcw&kidlupJP=Zmx5&fCxSneObllxupP=Zmx5
↓
[RigEK][SWF Payload]
http[:]//46.30.47.164/?MjIzNzcy&kbAZAVoh&wMlAnUkJDjvy=cmVzb3J0&aOembOLnPzv=c2Vh&sWqUPAmmJ=c2hha2U=&JJwJZLUNcng=cmVzb3J0&GXBSjswjnZq=bW9uZXk=&AuTWwcdfFVZpplO=c2Vh&fsa3f=wnrQMvXcKRXQFYbDKuXDSKRDKU7WHEaVw4-dhMG3Yp_Nfynz0OzURnL3tASVVF-RrbMdLO&t4aaf=NTbwDgjkeELwRlyt9aUVxH_v2tiEfUzRKZ0ZWC-UeJNA1G_5uXQLML2lnwzrERQIglgECy&aNhAhbxE=c3BvcnQ=
↓
[RigEK][Malware Payload]
http[:]//46.30.47.164/?NjI3NTAw&RKqyKhw&fsa3f=w3zQMvXcJxzQFYbGMv_DSKNbNkzWHViPxoyG9MildZ-qZGX_k7HDfF-qoVncCgWRxfF8Lu&liwAItUnk=c2My&t4aaf=BTPgDjiRGELQQwm4gJW1tH8a-vikPQmBSc0pSGqBKNaA5Hq6KcHbMy0VT8xrIdQJZnxBKy&gobAjpKiH=c3BvcnQ=&AhpRorCkK=cmVzb3J0&pIqzusAvM=Zmx5&aXOHVqhcK=cmVzb3J0&JXjLba=bWF0Y2h1cA==&XzlpZHcAbCHquW=Zmx5
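The three Rig EK URLs above share one structure: a bare IP host, a leading bare token that is base64 of a digit string (NDM2MTY5 is "436169"), several random-looking keys whose values are base64 of short dictionary words (cmVzb3J0 is "resort", bWF0Y2h1cA== is "matchup", Zmx5 is "fly"), and two long opaque values under fsa3f and t4aaf that are not clean base64. The following Python is an added example, not code from this post or from EKFiddle: it refangs the URLs from the chain, decodes each query parameter, and scores how closely a URL fits that pattern. The scoring rules, thresholds and the benign contrast URL are assumptions made for the example, not a published Rig EK signature.

```python
import base64
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample input: the three Rig EK URLs from the traffic chain, defanged as in the post.
RIG_URLS = [
    "http[:]//46.30.47.164/?NDM2MTY5&IDIUtYpavme&EaUAoVXS=cmVzb3J0&bwEYjtVk=bWF0Y2h1cA=="
    "&GNLGVNhxw=bWF0Y2h1cA==&lPquHwX=c3BvcnQ=&srXOpH=cmVzb3J0"
    "&fsa3f=wn_QMvXcLhXQFYbCKuXDSKFDKU7WHEaVw4-YhMG3YprNfynz0OzURnLwtASVVF6RrbM"
    "&t4aaf=dLuNTbwDgjkeELwRlyt9aUVxH_v2tiEfUzReZ0ZWC_EeJNA1B_5uXQLIL6G2xzfNRcw"
    "&kidlupJP=Zmx5&fCxSneObllxupP=Zmx5",
    "http[:]//46.30.47.164/?MjIzNzcy&kbAZAVoh&wMlAnUkJDjvy=cmVzb3J0&aOembOLnPzv=c2Vh"
    "&sWqUPAmmJ=c2hha2U=&JJwJZLUNcng=cmVzb3J0&GXBSjswjnZq=bW9uZXk=&AuTWwcdfFVZpplO=c2Vh"
    "&fsa3f=wnrQMvXcKRXQFYbDKuXDSKRDKU7WHEaVw4-dhMG3Yp_Nfynz0OzURnL3tASVVF-RrbMdLO"
    "&t4aaf=NTbwDgjkeELwRlyt9aUVxH_v2tiEfUzRKZ0ZWC-UeJNA1G_5uXQLML2lnwzrERQIglgECy"
    "&aNhAhbxE=c3BvcnQ=",
    "http[:]//46.30.47.164/?NjI3NTAw&RKqyKhw"
    "&fsa3f=w3zQMvXcJxzQFYbGMv_DSKNbNkzWHViPxoyG9MildZ-qZGX_k7HDfF-qoVncCgWRxfF8Lu"
    "&liwAItUnk=c2My"
    "&t4aaf=BTPgDjiRGELQQwm4gJW1tH8a-vikPQmBSc0pSGqBKNaA5Hq6KcHbMy0VT8xrIdQJZnxBKy"
    "&gobAjpKiH=c3BvcnQ=&AhpRorCkK=cmVzb3J0&pIqzusAvM=Zmx5&aXOHVqhcK=cmVzb3J0"
    "&JXjLba=bWF0Y2h1cA==&XzlpZHcAbCHquW=Zmx5",
]
# Constructed benign contrast case (assumed, not from the capture).
BENIGN_URL = "https://example.com/search?q=base64&page=2"


def refang(url):
    """Undo the post's defanging so urlsplit can parse the URL."""
    return url.replace("[:]", ":").replace("[.]", ".")


def b64_text(token):
    """Decode a token as strict standard base64; return printable ASCII text or None."""
    if len(token) % 4 or not re.fullmatch(r"[A-Za-z0-9+/]+={0,2}", token):
        return None
    try:
        text = base64.b64decode(token, validate=True).decode("ascii")
    except (ValueError, UnicodeDecodeError):
        return None
    return text if text.isprintable() else None


def parse_rig_url(url):
    """Split the query into bare tokens, base64-decodable params and opaque params."""
    parts = urlsplit(refang(url))
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    decoded, opaque = {}, {}
    for key, value in pairs:
        if value == "":
            continue
        text = b64_text(value)
        if text is None:
            opaque[key] = value
        else:
            decoded[key] = text
    return {
        "host": parts.hostname,
        "bare": [k for k, v in pairs if v == ""],
        "decoded": decoded,
        "opaque": opaque,
    }


def rig_score(url):
    """Heuristic score (0-4) for the Rig EK URL shape seen in this capture, with reasons."""
    info = parse_rig_url(url)
    reasons = []
    try:
        ipaddress.ip_address(info["host"] or "")
        reasons.append("host is a bare IP literal")
    except ValueError:
        pass
    first = b64_text(info["bare"][0]) if info["bare"] else None
    if first and first.isdigit():
        reasons.append("leading bare token is base64 of a digit string (%s)" % first)
    words = list(info["decoded"].values())
    if len(words) >= 4 and all(re.fullmatch(r"[a-z0-9]{2,12}", w) for w in words):
        reasons.append("%d params decode to short lowercase words" % len(words))
    if any(len(v) >= 40 and re.fullmatch(r"[A-Za-z0-9_-]+", v) for v in info["opaque"].values()):
        reasons.append("long opaque urlsafe-alphabet value present")
    return len(reasons), reasons


if __name__ == "__main__":
    for u in RIG_URLS + [BENIGN_URL]:
        score, why = rig_score(u)
        print(score, u[:50], why)
```

The heuristic is deliberately narrow to the shape in this capture; Rig changed its URL layout several times, so treat a high score as a reason to pull the session from the .saz and look at the landing page, not as a verdict on its own.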