[2018-04-24] BlackTDS->GrandSoft->GandCrab
Overview
Saz file is 2018-04-24_00-20-52.saz
(↓Analysis result using EKFiddle)
Malware
GandCrab
6fafe7bb56fd2696f2243fc305fe0c38f550dffcfc5fca04f70398880570ffff
[Hybrid-Analysis] [VirusTotal]
Traffic-Chain
[BlackTDS]
http[:]//financialbroker.gq
↓
[GrandSoft Exploit Kit][Landing Page]
http[:]//exercise.dadsrnp.xyz/orientated_frozen.htm
↓
[GrandSoft Exploit Kit][CVE-2016-0189]
http[:]//exercise.dadsrnp.xyz/getversionpd/1/2/3/4
↓
[GrandSoft Exploit Kit][Malware Payload]
http[:]//exercise.dadsrnp.xyz/2/7377