[2018-05-27] Slyip->GrandSoft->Ursnif
Overview
The Fiddler capture (SAZ file) for this session is 2018-05-27_23-18-00.saz
(Analysis result using EKFiddle: screenshot of the EKFiddle session view, not reproduced here)
Malware
Ursnif
c00e775af8ec1fb973bbfed3d68753b13f2d3e0254daa9454ed27a075c0203a9
[Hybrid-Analysis] [VirusTotal]
Traffic-Chain
[Slyip Campaign]
http[:]//fasthosting.slyip.net/index.php?browser=ie&countryname=United+States
↓
[Slyip Campaign]
http[:]//fasthosting.slyip.net/index.php?browser=ie&countryname=United+States
↓
[Slyip Campaign]
http[:]//fasthosting.slyip.com/3qLMth?browser=ie&countryname=United+States
↓
[GrandSoft Exploit Kit][Landing Page]
http[:]//nrhnvelcro.project-x-adminko-test.tk/meccafeisty_hickory.php
↓
[GrandSoft Exploit Kit][CVE-2016-0189]
http[:]//nrhnvelcro.project-x-adminko-test.tk/getversionpd/1/2/3/4
↓
[GrandSoft Exploit Kit][Malware Payload]
http[:]//nrhnvelcro.project-x-adminko-test.tk/8/1954