[2018-08-12] KaiXinEK->Gh0stRAT

August 12, 2018

Overview

The SAZ file is 2018-08-12_17-44-47.saz

[Figure: Analysis result using EKFiddle]

Malware

Gh0stRAT

a4e8a70e26c4d591c686794dda30c82ba01c53ce1941eedb3d5e81f770129832
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

[KaiXinEK][Landing Page]
http[:]//www.daumss.com
↓
[KaiXinEK][CVE-2018-8174]
http[:]//www.daumss.com/VxRwUe.html
↓
[KaiXinEK][Malware Payload]
http[:]//bb.mrmr11.cn:8001/erver.exe