[2018-07-16] KaiXinEK->Gh0stRAT
Overview
The SAZ file (Fiddler session archive) is 2018-07-16_18-51-45.saz
(Figure: analysis result using EKFiddle)
Malware
Gh0stRAT
SHA-256: c8d58f521cf6497f5d6289a2e1e880803b2f5e42b7b7ee3d9aaf01450920b665
[Hybrid-Analysis] [VirusTotal]
Traffic-Chain
[KaiXinEK][Landing Page]
http[:]//59.11.209.157
↓
[KaiXinEK][Checker]
http[:]//59.11.209.157/jquery.js
↓
[KaiXinEK][CVE-2018-8174]
http[:]//59.11.209.157/LeNnDv.html
↓
[KaiXinEK][Malware Payload]
http[:]//59.11.209.157:808/xm/1.exe