[2018-06-25] Slots->RigEK->Dropper->Miner

June 25, 2018

Overview

Saz file is 2018-06-25_14-00-41.saz

(Analysis result using EKFiddle: screenshot not reproduced here)

Malware

Dropper

712c8552fa97cc196e10b4a08682a5976be6104053c025d624bdbfb6a378f8e8
[Hybrid-Analysis] [VirusTotal]

Dropper

08ad4f129e888c17fcc849a9b0e43b2ce7f930cb3829f00476d268aa90da0f93
[Hybrid-Analysis] [VirusTotal]

Miner

33ce039e6d06aeccbad8577b1b5d33d52eea5156278633eb90e8e577c3eff770
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//kronstic.bid
↓
[RIG Exploit Kit][Landing Page]
http[:]//46.229.212.132/?MzQ4MTE4&DQlAnJLQPVsH&fdghgd2f=x33QdfWYaRuPCYjDM__dTaFGMUzOGUeIwY2fn7DVF52oeDajz7eSEBzw6VmtSTvVgfdOLrZTIgCyjhqDOQE0n-FeEF5K8_6qkEWVzU6fwJ&guruvHcPp=c2Vh&PSdFCHZHQWttL=c2My&mfBbamUbY=c2Vh&DIisBlXeT=c2My&tHnGbQpjjRvh=c2My&tahddff4=Oy_kGJZglC_JWRHbVp3FXxnbIVc80kxRKE7WdTyOkUVloTsA4Rn6jPE6XKrkR0XUE0VQXNJ5p3pRzBAyS5NW5wgPOLRAtxq-2K9bV32ZMu&qgLApCWxyl=Zmx5&JUfdFWHNwKYob=c2Vh&JDufjWMCOxjwIz=bWF0Y2h1cA==&kBSmgCW=c2Vh&izdlRqrtsrF=c2Vh&fHYZMcEJ=Zmx5
↓
[RIG Exploit Kit][SWF Payload]
http[:]//46.229.212.132/?MjY4MzY4&JyrGaef&GhuqXN=c3BvcnQ=&asqxBuXKeFXep=Zmx5&fdghgd2f=xHrQMrXYbRvFFYbfKP_EUKZEMUvWA0WKwY2ZharVF52xFDLGpbf1Fx7spV6dCF6EmvBvdLEHIweh1UHASwY1&exECYYAJ=c3BvcnQ=&aGhcpc=c2hha2U=&tahddff4=m41aVVkapa2m3EXUzxKehpOE-RaEYQkU_ZGTEbI43Fn8ybUceM92xhXRuGIEze4tVVkZ4A4Vm637VaWO-0RA&jKHmZJLLeg=cmVzb3J0&uulrWyrdzaRgw=c2Vh&tPNORiCWcqTdAe=bWF0Y2h1cA==&cvNfUNWajk=bWF0Y2h1cA==&MzALZkOeRVy=c3BvcnQ=&DPrCxj=bWF0Y2h1cA==&CWTeTWuNaUSei=cmVzb3J0
↓
[RIG Exploit Kit][Malware Payload]
http[:]//46.229.212.132/?NDM0NTAx&aKYivWo&uSCwyPUemGwU=bW9uZXk=&DYTeTNAhsg=c3BvcnQ=&IqZHJux=c3BvcnQ=&RrkOpdo=Zmx5&voFGUvbIkYFHlA=cmVzb3J0&hKYgpGrQtAHLK=c2Vh&fdghgd2f=x33QdfWfaRuPDojEM__dTaFBMUzOGUeIwYqfn7DSF5qofzajz7eSFxz36VmtSTvSgfdOKbZUIgeyjhqDOQE0mOFeEFlK9P6tkEWVzU6fwJOy_kGOZ&HMoqnfkhY=c2hha2U=&lWOVcFnxGx=Zmx5&kGQuNOWWxnVfX=c2Vh&bXXTzuspoxB=c2My&tahddff4=g5C-5WRHbJp3FX2nbIVdM0jxRWE6mdTyOkUUVoUsAkRmKjIE6XKqUR0XUE0VQXKJ513pRzBAyO5NW5wgPSLQz52mOrG9fNwn5Mq0S6vmgtpbi-7yw&KOQYsv=c2My
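The three RIG URLs above share one shape: a bare IP host, a first query key that is a base64-encoded number, a dozen random-looking keys whose values are short base64 words (c2Vh = "sea", c2My = "sc2", Zmx5 = "fly", bWF0Y2h1cA== = "matchup", c3BvcnQ= = "sport", c2hha2U= = "shake", cmVzb3J0 = "resort", bW9uZXk= = "money"), and two long opaque values under the keys fdghgd2f and tahddff4. The script below is an added example, not the blog's own tooling and not EKFiddle: it packs the chain from this page into an in-memory archive laid out like a Fiddler .saz (a ZIP whose raw/NN_c.txt members hold each client request), recovers the URLs from it, decodes the base64 query tokens, and flags URLs that match the RIG-like shape. The flagging rule is an assumption derived only from the three URLs shown here, not a published signature; the sample archive is constructed (a real capture also carries NN_s.txt responses and NN_m.xml metadata), and the URLs are refanged from the page's http[:]// form so they parse.

```python
"""Triage a Fiddler .saz capture for RIG-style exploit-kit URLs.

Added example, not the blog author's tooling and not EKFiddle. The .saz
is constructed in memory from the chain on this page; the RIG-like test is
an assumption drawn from the shape of those three URLs.
"""
import base64
import binascii
import io
import re
import zipfile
from urllib.parse import parse_qsl, urlsplit

# Constructed sample: the page's chain, refanged ("http[:]//" -> "http://").
PAGE_URLS = [
    "http://kronstic.bid/",
    "http://46.229.212.132/?MzQ4MTE4&DQlAnJLQPVsH&fdghgd2f=x33QdfWYaRuPCYjDM__dTaFGMUzOGUeIwY2fn7DVF52oeDajz7eSEBzw6VmtSTvVgfdOLrZTIgCyjhqDOQE0n-FeEF5K8_6qkEWVzU6fwJ&guruvHcPp=c2Vh&PSdFCHZHQWttL=c2My&mfBbamUbY=c2Vh&DIisBlXeT=c2My&tHnGbQpjjRvh=c2My&tahddff4=Oy_kGJZglC_JWRHbVp3FXxnbIVc80kxRKE7WdTyOkUVloTsA4Rn6jPE6XKrkR0XUE0VQXNJ5p3pRzBAyS5NW5wgPOLRAtxq-2K9bV32ZMu&qgLApCWxyl=Zmx5&JUfdFWHNwKYob=c2Vh&JDufjWMCOxjwIz=bWF0Y2h1cA==&kBSmgCW=c2Vh&izdlRqrtsrF=c2Vh&fHYZMcEJ=Zmx5",
    "http://46.229.212.132/?MjY4MzY4&JyrGaef&GhuqXN=c3BvcnQ=&asqxBuXKeFXep=Zmx5&fdghgd2f=xHrQMrXYbRvFFYbfKP_EUKZEMUvWA0WKwY2ZharVF52xFDLGpbf1Fx7spV6dCF6EmvBvdLEHIweh1UHASwY1&exECYYAJ=c3BvcnQ=&aGhcpc=c2hha2U=&tahddff4=m41aVVkapa2m3EXUzxKehpOE-RaEYQkU_ZGTEbI43Fn8ybUceM92xhXRuGIEze4tVVkZ4A4Vm637VaWO-0RA&jKHmZJLLeg=cmVzb3J0&uulrWyrdzaRgw=c2Vh&tPNORiCWcqTdAe=bWF0Y2h1cA==&cvNfUNWajk=bWF0Y2h1cA==&MzALZkOeRVy=c3BvcnQ=&DPrCxj=bWF0Y2h1cA==&CWTeTWuNaUSei=cmVzb3J0",
    "http://46.229.212.132/?NDM0NTAx&aKYivWo&uSCwyPUemGwU=bW9uZXk=&DYTeTNAhsg=c3BvcnQ=&IqZHJux=c3BvcnQ=&RrkOpdo=Zmx5&voFGUvbIkYFHlA=cmVzb3J0&hKYgpGrQtAHLK=c2Vh&fdghgd2f=x33QdfWfaRuPDojEM__dTaFBMUzOGUeIwYqfn7DSF5qofzajz7eSFxz36VmtSTvSgfdOKbZUIgeyjhqDOQE0mOFeEFlK9P6tkEWVzU6fwJOy_kGOZ&HMoqnfkhY=c2hha2U=&lWOVcFnxGx=Zmx5&kGQuNOWWxnVfX=c2Vh&bXXTzuspoxB=c2My&tahddff4=g5C-5WRHbJp3FX2nbIVdM0jxRWE6mdTyOkUUVoUsAkRmKjIE6XKqUR0XUE0VQXKJ513pRzBAyO5NW5wgPSLQz52mOrG9fNwn5Mq0S6vmgtpbi-7yw&KOQYsv=c2My",
]

SESSION_RE = re.compile(r"^raw/(\d+)_c\.txt$")
LONG_BLOB = 40  # assumption: the two opaque RIG values are far longer than the decoy words


def build_sample_saz(urls):
    """Pack one GET request per URL into a ZIP shaped like a Fiddler .saz (raw/NN_c.txt only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for i, url in enumerate(urls, start=1):
            req = (f"GET {url} HTTP/1.1\r\nHost: {urlsplit(url).netloc}\r\n"
                   "User-Agent: Mozilla/5.0\r\n\r\n")
            zf.writestr(f"raw/{i:02d}_c.txt", req)
    return buf.getvalue()


def load_saz_requests(saz_bytes):
    """Return [(session_no, method, absolute_url)] from the raw/NN_c.txt members, in session order."""
    out = []
    with zipfile.ZipFile(io.BytesIO(saz_bytes)) as zf:
        for name in zf.namelist():
            m = SESSION_RE.match(name)
            if not m:
                continue
            text = zf.read(name).decode("utf-8", "replace")
            first, _, rest = text.partition("\r\n")
            method, target, _ = first.split(" ", 2)
            if "://" not in target:  # origin-form request line: rebuild from the Host header
                host = re.search(r"^Host:\s*(\S+)", rest, re.M | re.I)
                target = f"http://{host.group(1) if host else ''}{target}"
            out.append((int(m.group(1)), method, target))
    return sorted(out)


def decode_b64_token(tok):
    """Decode a query token as standard base64; keep it only if it is plain ASCII alphanumerics."""
    try:
        raw = base64.b64decode(tok + "=" * (-len(tok) % 4), validate=True)
    except (binascii.Error, ValueError):
        return None
    s = raw.decode("ascii", "replace")
    return s if s and s.isalnum() else None


def analyze_url(url):
    """Decode the query and apply the RIG-like shape test (an assumption, see module docstring)."""
    p = urlsplit(url)
    pairs = parse_qsl(p.query, keep_blank_values=True)
    bare = [k for k, v in pairs if v == ""]          # keys with no value, e.g. MzQ4MTE4
    session_id = decode_b64_token(bare[0]) if bare else None
    decoys = [w for w in (decode_b64_token(v) for _, v in pairs) if w]
    blobs = {k: len(v) for k, v in pairs if len(v) >= LONG_BLOB}
    is_ip = re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", p.hostname or "") is not None
    rig_like = (is_ip and p.path == "/" and session_id is not None
                and session_id.isdigit() and len(decoys) >= 3 and len(blobs) >= 1)
    return {"host": p.hostname, "session_id": session_id, "decoys": decoys,
            "blobs": blobs, "rig_like": rig_like}


def triage(saz_bytes):
    """Analyze every request in the archive; returns [(session_no, url, analysis)]."""
    return [(n, u, analyze_url(u)) for n, _, u in load_saz_requests(saz_bytes)]


if __name__ == "__main__":
    for n, url, a in triage(build_sample_saz(PAGE_URLS)):
        tag = "RIG-like" if a["rig_like"] else "other"
        print(f"#{n:02d} {tag:8} {a['host']} id={a['session_id']} "
              f"decoys={a['decoys']} blobs={a['blobs']}")
```

Run against a real .saz by replacing `build_sample_saz(PAGE_URLS)` with the bytes of the archive; the decoded session numbers and the recurring blob keys (fdghgd2f, tahddff4) are what to pivot on when correlating the landing page, SWF and malware payload requests of one infection chain.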