[2018-04-24] BlackTDS->GrandSoft->GandCrab

April 24, 2018

Overview

The SAZ file (Fiddler session archive) is 2018-04-24_00-20-52.saz

[Figure: analysis result using EKFiddle]

Malware

GandCrab

6fafe7bb56fd2696f2243fc305fe0c38f550dffcfc5fca04f70398880570ffff
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[BlackTDS]
http[:]//financialbroker.gq
↓
[GrandSoft Exploit Kit][Landing Page]
http[:]//exercise.dadsrnp.xyz/orientated_frozen.htm
↓
[GrandSoft Exploit Kit][CVE-2016-0189]
http[:]//exercise.dadsrnp.xyz/getversionpd/1/2/3/4
↓
[GrandSoft Exploit Kit][Malware Payload]
http[:]//exercise.dadsrnp.xyz/2/7377