[2018-07-16] KaiXinEK->Gh0stRAT

July 16, 2018

Overview

The SAZ file is 2018-07-16_18-51-45.saz

[Figure: analysis result using EKFiddle]

Malware

Gh0stRAT

c8d58f521cf6497f5d6289a2e1e880803b2f5e42b7b7ee3d9aaf01450920b665
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[KaiXinEK][Landing Page]
http[:]//59.11.209.157
↓
[KaiXinEK][Checker]
http[:]//59.11.209.157/jquery.js
↓
[KaiXinEK][CVE-2018-8174]
http[:]//59.11.209.157/LeNnDv.html
↓
[KaiXinEK][Malware Payload]
http[:]//59.11.209.157:808/xm/1.exe