[2018-06-25] Slots->RigEK->Dropper->Miner

June 25, 2018

Overview

The Fiddler capture (.saz) is 2018-06-25_18-06-45.saz

(Analysis result using EKFiddle; screenshot not reproduced here)

Malware

Dropper

712c8552fa97cc196e10b4a08682a5976be6104053c025d624bdbfb6a378f8e8
[Hybrid-Analysis] [VirusTotal]

Dropper

08ad4f129e888c17fcc849a9b0e43b2ce7f930cb3829f00476d268aa90da0f93
[Hybrid-Analysis] [VirusTotal]

Miner

33ce039e6d06aeccbad8577b1b5d33d52eea5156278633eb90e8e577c3eff770
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//anturnetss.bid
↓
[RIG Exploit Kit][Landing Page]
http[:]//92.53.107.181/?MzgwMzQz&bMKJIUxbROk&tahddff4=SwZmyY0LVlkT_634ikXWzRKa1ZPQ9RaFMw5G_5aWErI72FmjnbJCJc92zxXTumJRye4tYl4gpQlR2arI&bSkMffyMD=cmVzb3J0&TiQKnVLHyroZzB=c2Vh&CpfjoyEoYCFTe=c2Vh&NsjdAVcCgyDcn=bW9uZXk=&fdghgd2f=xHrQMrXYbRvFFYHfKPjEUKZEMUvWA0KKwYqZha3VF5qxFDLGpbf1FxnspVmdCFmEmvdvdLEHIweh1UbA&DpDXbK=c2Vh&hANfPQDZXEqBi=Y2F0cw==&faYodykgaqED=bW9uZXk=&lvbWOL=Y2F0cw==&QnFumDYCehmyj=c3BvcnQ=&VkNtXriYUyCR=Zmx5&ZReeatCFHBimu=c3BvcnQ=
↓
[RIG Exploit Kit][SWF Payload]
http[:]//92.53.107.181/?NDU1NDM=&HjkVFK&nhlySKRoezpo=bW9uZXk=&cgAReTgBbz=c2Vh&jOZqoRuiYVkyjio=c2Vh&wGPZRXHru=c2My&FNFlKztvt=Zmx5&bPXtoxitMWpZs=Zmx5&PmruTeDMaYeOeoR=c2Vh&IpEmcElgtp=c2Vh&tahddff4=myY0LVlkT_634ikLWzRKa1ZTQ9RGFMw5G_5aWErI72FmjnbVCJch2zxLTumVRyektVVkW6A4VrKqIUaWfnQ&zOfpOWmwoH=c2Vh&fdghgd2f=xHrQMrXYbRzFFYbfKP_EUKFEMUvWA0KKwY2Zha3VF52xFDXGpbf1FxnspVmdCF6EmvdvdLEHIwCh1UHASwF&NjTVurOfjckJ=bW9uZXk=&jSzMxj=bW9uZXk=
↓
[RIG Exploit Kit][Malware Payload]
http[:]//92.53.107.181/?Mjk5NDM0&EuOpCufW&iGQureMbKgMM=c3BvcnQ=&rJFuLcVJ=c3BvcnQ=&AYftWOgnW=bW9uZXk=&oJkgfl=Zmx5&etiWdgyWFtfoF=cmVzb3J0&fdghgd2f=x33QcvWfaRyPCYjDM_jdSqFGMUvOHkeIwY2fn7DSF5qofzajz7eSEBz36VmtTjvSgfdOLrZUIgCyjhqDOQY0mOFZEF5K8_6tkEKVyk6YwJSy-RKON&igYqcbwBXcU=c3BvcnQ=&HznMmFwRJ=c2My&zsxjrtzZS=Y2F0cw==&TzUjImPAncU=cmVzb3J0&MvpLAIHoOVlaX=Zmx5&tahddff4=AkT-5aRFLUz3Avxy7IXc88jwRLX6jNUxO4VVggU4g4TmK3IEKXJrkB0AkZgUlvNepp3ohXGASS7NTtwhPSLRDxxmO3N9fR3npMq1i6vmgxpaS-7yw&SXJNrifOrxiRw=bWF0Y2h1cA==
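As an added example (not part of the original post and not EKFiddle's code), the script below takes the three RIG EK request URLs from the chain above, refangs them, and decodes every base64-looking query value. It makes visible what a defender would key a signature on in this capture: a leading base64-encoded number, a handful of base64-encoded filler words reused across all three stages, and one or two long opaque blobs per request. The `rig_like` heuristic, its thresholds and the `BENIGN` control URL are assumptions derived from this capture only, not a published detection rule.

```python
import base64
import binascii
import re
from urllib.parse import urlsplit

# Constructed input: the three RIG EK URLs from the traffic chain above, defanged as on the page.
CHAIN = {
    "landing": "http[:]//92.53.107.181/?MzgwMzQz&bMKJIUxbROk&tahddff4=SwZmyY0LVlkT_634ikXWzRKa1ZPQ9RaFMw5G_5aWErI72FmjnbJCJc92zxXTumJRye4tYl4gpQlR2arI&bSkMffyMD=cmVzb3J0&TiQKnVLHyroZzB=c2Vh&CpfjoyEoYCFTe=c2Vh&NsjdAVcCgyDcn=bW9uZXk=&fdghgd2f=xHrQMrXYbRvFFYHfKPjEUKZEMUvWA0KKwYqZha3VF5qxFDLGpbf1FxnspVmdCFmEmvdvdLEHIweh1UbA&DpDXbK=c2Vh&hANfPQDZXEqBi=Y2F0cw==&faYodykgaqED=bW9uZXk=&lvbWOL=Y2F0cw==&QnFumDYCehmyj=c3BvcnQ=&VkNtXriYUyCR=Zmx5&ZReeatCFHBimu=c3BvcnQ=",
    "swf": "http[:]//92.53.107.181/?NDU1NDM=&HjkVFK&nhlySKRoezpo=bW9uZXk=&cgAReTgBbz=c2Vh&jOZqoRuiYVkyjio=c2Vh&wGPZRXHru=c2My&FNFlKztvt=Zmx5&bPXtoxitMWpZs=Zmx5&PmruTeDMaYeOeoR=c2Vh&IpEmcElgtp=c2Vh&tahddff4=myY0LVlkT_634ikLWzRKa1ZTQ9RGFMw5G_5aWErI72FmjnbVCJch2zxLTumVRyektVVkW6A4VrKqIUaWfnQ&zOfpOWmwoH=c2Vh&fdghgd2f=xHrQMrXYbRzFFYbfKP_EUKFEMUvWA0KKwY2Zha3VF52xFDXGpbf1FxnspVmdCF6EmvdvdLEHIwCh1UHASwF&NjTVurOfjckJ=bW9uZXk=&jSzMxj=bW9uZXk=",
    "payload": "http[:]//92.53.107.181/?Mjk5NDM0&EuOpCufW&iGQureMbKgMM=c3BvcnQ=&rJFuLcVJ=c3BvcnQ=&AYftWOgnW=bW9uZXk=&oJkgfl=Zmx5&etiWdgyWFtfoF=cmVzb3J0&fdghgd2f=x33QcvWfaRyPCYjDM_jdSqFGMUvOHkeIwY2fn7DSF5qofzajz7eSEBz36VmtTjvSgfdOLrZUIgCyjhqDOQY0mOFZEF5K8_6tkEKVyk6YwJSy-RKON&igYqcbwBXcU=c3BvcnQ=&HznMmFwRJ=c2My&zsxjrtzZS=Y2F0cw==&TzUjImPAncU=cmVzb3J0&MvpLAIHoOVlaX=Zmx5&tahddff4=AkT-5aRFLUz3Avxy7IXc88jwRLX6jNUxO4VVggU4g4TmK3IEKXJrkB0AkZgUlvNepp3ohXGASS7NTtwhPSLRDxxmO3N9fR3npMq1i6vmgxpaS-7yw&SXJNrifOrxiRw=bWF0Y2h1cA==",
}

# Constructed benign URL, used as a negative control for the heuristic (assumption, not from the capture).
BENIGN = "https://example.com/search?q=Y2F0cw==&page=2"


def refang(url: str) -> str:
    """Turn the post's defanged notation back into a parseable URL."""
    return url.replace("[:]", ":").replace("[.]", ".")


def decode_b64(value: str):
    """Decode a standard or URL-safe base64 value; return text only if it is printable ASCII, else None."""
    if not value or not re.fullmatch(r"[A-Za-z0-9+/_=-]+", value):
        return None
    normalized = value.replace("+", "-").replace("/", "_")
    padded = normalized + "=" * (-len(normalized) % 4)  # restore padding stripped in the URL
    try:
        text = base64.urlsafe_b64decode(padded).decode("ascii")
    except (binascii.Error, ValueError):  # UnicodeDecodeError is a ValueError
        return None
    return text if text.isprintable() else None


def summarize(url: str) -> dict:
    """Split one request into the pieces the RIG pattern seen in this capture is built from."""
    parts = urlsplit(refang(url))
    first_token, first_seen = None, False
    words, blobs = [], []
    for token in parts.query.split("&"):
        name, _, value = token.partition("=")
        if value == "":  # bare token such as MzgwMzQz, NDU1NDM= or bMKJIUxbROk
            if not first_seen:
                first_token, first_seen = decode_b64(name), True
            continue
        decoded = decode_b64(value)
        if decoded is not None and len(decoded) <= 16 and decoded.isalnum():
            words.append(decoded)  # short filler word (resort, sea, money, ...)
        elif len(value) >= 40:
            blobs.append(name)  # long opaque value carrying the stage-specific data
    return {
        "host": parts.hostname,
        "is_ip": bool(re.fullmatch(r"\d{1,3}(\.\d{1,3}){3}", parts.hostname or "")),
        "path": parts.path,
        "first_token": first_token,
        "words": words,
        "blobs": blobs,
    }


def rig_like(url: str) -> bool:
    """Heuristic (assumption derived from this capture only): bare-IP host, root path, a leading
    base64 number, at least three base64 filler words and at least one long blob."""
    s = summarize(url)
    return (s["is_ip"] and s["path"] == "/" and s["first_token"] is not None
            and s["first_token"].isdigit() and len(s["words"]) >= 3 and len(s["blobs"]) >= 1)


def decoded_words(urls) -> set:
    """Union of filler words across several requests; shows the dictionary shared by the stages."""
    return {w for u in urls for w in summarize(u)["words"]}


if __name__ == "__main__":
    for stage, url in CHAIN.items():
        s = summarize(url)
        print(f"{stage:8} first={s['first_token']} words={sorted(set(s['words']))} "
              f"blobs={s['blobs']} rig_like={rig_like(url)}")
    print("shared dictionary:", sorted(decoded_words(CHAIN.values())))
    print("benign control rig_like:", rig_like(BENIGN))
```

Running it shows the same small dictionary (cats, fly, matchup, money, resort, sc2, sea, sport) reused by the landing page, the SWF request and the payload request, while the long `tahddff4` / `fdghgd2f` values differ per stage. The word and blob thresholds are tuned to this one session; anyone turning this into a rule should widen the corpus before trusting them.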