[2018-04-25] CoinsLTD->BlackTDS->RigEK->SmokeLoader->ZeusPanda
Overview
Saz file is 2018-04-25_17-13-13.saz
(↓Analysis result using EKFiddle)
Malware
SmokeLoader
7540809ba4258c3a76319ef1f4a5f9452c597d95738ae5ac89729672983474d6
[Hybrid-Analysis] [VirusTotal]
Zeus Panda
d90c2a6db9e9a54788db67732240d2337ea3b7740aac1d97e17cc8d2c3a99b22
[Hybrid-Analysis] [VirusTotal]
Traffic-Chain
[CoinsLTD]
http[:]//trustingsotware.top
↓
http[:]//trustingsotware.top/flashplayer_files/getadobecom.js
↓
http[:]//yodiabachiku.xyz/WcwbHjSAL.bmp
↓
[BlackTDS]
http[:]//yodiabachiku.xyz/scr.php
↓
[RIG Exploit Kit][Landing Page]
http[:]//185.154.53.93/?MTc1NDkx&GNTdKUTsbTLtkIm&t4fghagaf=dL7MBP1bg3BDScgE0nYcOUQsW_6ys2EiDmxWY0Z-K_hSKYwhErJLGELUL6G2xzPNRcw&fdfgdgd3f=wnrQMvXcKRXQFYbEKuXDSKRDKU7WHEaVw4-ahMG3Yp3Nfynz0OzURnL3tASVVF-RrbM&OWwTOEYtZugsLfj=Zmx5&ADMBfSieFuwMtq=cmVzb3J0&NJwomKz=c2My&ZghTpnHYJVltvk=bWF0Y2h1cA==&bQIgZssrWSVisjp=c3BvcnQ=&rEAElznh=Zmx5&CVRxJNTDByCV=c2Vh
↓
[RIG Exploit Kit][SWF Payload]
http[:]//185.154.53.93/?MjA3MjI3&vgxioovekvexqhB&RANiRnPVZ=c3BvcnQ=&fdfgdgd3f=xX_QMvWebRXQCZ3EKvncT6NEMVHRGUCL2YqdmrHSefjaelWkzrHFTF_wozKASASG6_dtdfJUDQK&hZWbEEBcwdtqv=c2Vh&zHeMkrVcR=cmVzb3J0&FIAxRBrUsVZwkx=bW9uZXk=&FSjbTcQEfeo=c2hha2U=&t4fghagaf=wjkfVKgc0zodeB1sa9vr_i0DdzECficHQ-RHcaQhN_pWXFrNo212my7UkdMMjwReL61ETi-hLYg&VceJRlIN=c2Vh&gcqMmDnjRASMpl=c3BvcnQ=
↓
[RIG Exploit Kit][Malware Payload]
http[:]//185.154.53.93/?NTEzMzMz&fxULoJxTbIum&nFOASD=c2hha2U=&NjDgOCyVTybZX=c2Vh&fdfgdgd3f=xXrQMvWdbRXQC53EKvjcT6NHMVHRH0CL2YqdmrHVefjaf1WkzrLFTF_xozKASQSG6_JtdfJRDQKwi&FrkAlICkGQGtP=c3BvcnQ=&DStEYrhqZggzm=c2Vh&ASHlGR=cmVzb3J0&t4fghagaf=UfVKgY0zodfB1sa9Pr_i0XdzECYicHQ_xHcaQtN_pWXFrNo2l2my7MkecIkzh-L6mhZxegtDxoR4jo&MYzbbJAFYm=cmVzb3J0&KdocjyEoMkdnc=Y2F0cw==