[2018-08-22] Unknown->RigEK->AZORult->BabylonRAT

August 22, 2018

Overview

Saz file (Fiddler session archive): 2018-08-22_15-42-05.saz

[Figure: analysis result using EKFiddle]

Malware

AZORult

9ee000a5f6ddfe1fe58991690b95a99b2797343386203fddd64a5e9e0892d404
[Hybrid-Analysis] [VirusTotal]

Babylon RAT

416cb01b767ebf97e71e62965555871ad47672fc843bf2c93a4559c14e794462
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//yobit-dice.net
↓
[RIG Exploit Kit][Landing Page]
http[:]//188.225.26.110/?MzEzMzM2&gLqLoPfPyv&OWDFsI=c3BvcnQ=&DiOBiDqkvMCGoDO=cmVzb3J0&tacxs4=TDQDkjhbRfwY3yopZAVMU86r93UWHz0KfhMbW_kGPNA4UrZOREbEy3Fjwx7UkQPskg1TH7WI&chVPcdIptfJXhG=cmVzb3J0&TMLmKo=c2hha2U=&OOcRwrlBbiJHhEj=Zmx5&CCBUkCWeoHqYVSS=c2My&WCtGJxCr=c2Vh&dVIZZXH=bW9uZXk=&ofRkIaZkiDA=c2Vh&fdxcs4f=xXrQMvWYbRXQCZ3EKv_cT6NBMVHRHkCL2Y2dmrHVefjaeFWkzrfFTF_wozKATgSG6_dtdfJ&bNVhTmqwtEc=c2My&nVECytAJqddXMAz=c3BvcnQ=
↓
[RIG Exploit Kit][SWF Payload]
http[:]//188.225.26.110/?NDQyMDkz&QGoBfCryM&AEflDuZ=cmVzb3J0&tDVNogVh=c2Vh&trdzaAJuK=bWF0Y2h1cA==&vqQpxEww=c2hha2U=&jRsyoWVLzoP=c2Vh&tacxs4=kjhbRfwY3yopZAVMU86r93UWHz0KfhMbW-UGPNA4UrZOWEbEy3Fjwx7Ikd8sjxhGC7VETi-lLYg&hZYWHqBHsbZMt=bWF0Y2h1cA==&fioSkPHsEZc=Zmx5&eTULmVKYo=cmVzb3J0&fdxcs4f=xXrQMvWYbRXQDp3EKvjcT6NBMVHRGUCL2Y2dmrHSefjaf1WkzrDFTF_wozKASQSG6_dtdfJTDQD&IrgvGnqN=Zmx5&SiqobET=c3BvcnQ=&gIxktkANiXiwT=bW9uZXk=
↓
[RIG Exploit Kit][Malware Payload]
http[:]//188.225.26.110/?NzgyNjI=&NBPizm&zyKGjukFeIOAoiQ=c3BvcnQ=&aNozhiSqXN=c3BvcnQ=&CvBcoEGVfTB=bWF0Y2h1cA==&dJlNFlYCAOgK=Zmx5&rxYlFGNQXAPV=c2Vh&UiHBlrMYX=cmVzb3J0&tacxs4=kiRbRfwE3yopeAVMU9Kr93UWHz0KfhMbW_kGPNA4UrZOREbEy3Fjwx7UkdcwjwBGB6mFgkeldUWo&yngsEKValXoP=c2hha2U=&wJxivGuqXyB=bW9uZXk=&UqeloStW=bW9uZXk=&uXwbgRlMVTAvi=Zmx5&fdxcs4f=xXrQMvWfbRXQDp3EKvjcT6NBMVHRHkCL2YqdmrHVefjaf1WkzrDFTF_3ozKATgSG6_dtdfJTDQD&VxLZTMM=c3BvcnQ=
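The three RIG EK requests above share one URL shape: a bare IP host, a "/" path, a leading bare token, a crowd of short base64 values and two long values. The script below is an added example (not part of the original post and not EKFiddle's own logic) that decodes those query strings to show what can be verified from the page itself: every short value is base64 of a plain English word, the leading token is base64 of a decimal number, and the two long values (carried under the same parameter names, tacxs4 and fdxcs4f, in all three requests) do not decode to text. The sample URLs are the ones from the traffic chain with the "[:]" defanging removed; the looks_like_rig() heuristic is an assumption derived from these three URLs only, not an authoritative RIG signature.

```python
"""Decode the query strings of the three RIG EK requests in the traffic chain.

Added example, not part of the original post or of EKFiddle. The
looks_like_rig() heuristic is an assumption built from these three URLs only.
"""
import base64
import re
from urllib.parse import urlsplit

# Constructed sample: the landing page, SWF and payload URLs from the traffic
# chain above, with the "[:]" defanging removed so urlsplit() can parse them.
SAMPLE_URLS = [
    "http://188.225.26.110/?MzEzMzM2&gLqLoPfPyv&OWDFsI=c3BvcnQ=&DiOBiDqkvMCGoDO=cmVzb3J0&tacxs4=TDQDkjhbRfwY3yopZAVMU86r93UWHz0KfhMbW_kGPNA4UrZOREbEy3Fjwx7UkQPskg1TH7WI&chVPcdIptfJXhG=cmVzb3J0&TMLmKo=c2hha2U=&OOcRwrlBbiJHhEj=Zmx5&CCBUkCWeoHqYVSS=c2My&WCtGJxCr=c2Vh&dVIZZXH=bW9uZXk=&ofRkIaZkiDA=c2Vh&fdxcs4f=xXrQMvWYbRXQCZ3EKv_cT6NBMVHRHkCL2Y2dmrHVefjaeFWkzrfFTF_wozKATgSG6_dtdfJ&bNVhTmqwtEc=c2My&nVECytAJqddXMAz=c3BvcnQ=",
    "http://188.225.26.110/?NDQyMDkz&QGoBfCryM&AEflDuZ=cmVzb3J0&tDVNogVh=c2Vh&trdzaAJuK=bWF0Y2h1cA==&vqQpxEww=c2hha2U=&jRsyoWVLzoP=c2Vh&tacxs4=kjhbRfwY3yopZAVMU86r93UWHz0KfhMbW-UGPNA4UrZOWEbEy3Fjwx7Ikd8sjxhGC7VETi-lLYg&hZYWHqBHsbZMt=bWF0Y2h1cA==&fioSkPHsEZc=Zmx5&eTULmVKYo=cmVzb3J0&fdxcs4f=xXrQMvWYbRXQDp3EKvjcT6NBMVHRGUCL2Y2dmrHSefjaf1WkzrDFTF_wozKASQSG6_dtdfJTDQD&IrgvGnqN=Zmx5&SiqobET=c3BvcnQ=&gIxktkANiXiwT=bW9uZXk=",
    "http://188.225.26.110/?NzgyNjI=&NBPizm&zyKGjukFeIOAoiQ=c3BvcnQ=&aNozhiSqXN=c3BvcnQ=&CvBcoEGVfTB=bWF0Y2h1cA==&dJlNFlYCAOgK=Zmx5&rxYlFGNQXAPV=c2Vh&UiHBlrMYX=cmVzb3J0&tacxs4=kiRbRfwE3yopeAVMU9Kr93UWHz0KfhMbW_kGPNA4UrZOREbEy3Fjwx7UkdcwjwBGB6mFgkeldUWo&yngsEKValXoP=c2hha2U=&wJxivGuqXyB=bW9uZXk=&UqeloStW=bW9uZXk=&uXwbgRlMVTAvi=Zmx5&fdxcs4f=xXrQMvWfbRXQDp3EKvjcT6NBMVHRHkCL2YqdmrHVefjaf1WkzrDFTF_3ozKATgSG6_dtdfJTDQD&VxLZTMM=c3BvcnQ=",
]

B64_TOKEN = re.compile(r"[A-Za-z0-9+/_-]+={0,2}")
IPV4_HOST = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def b64_text(token):
    """Return the decoded string if token is standard or URL-safe base64 of
    printable ASCII; otherwise None (bad alphabet, bad length or binary)."""
    if not B64_TOKEN.fullmatch(token):
        return None
    stripped = token.rstrip("=")
    padded = stripped + "=" * (-len(stripped) % 4)   # restore padding
    try:
        raw = base64.urlsafe_b64decode(padded)       # '+' and '/' pass through
        text = raw.decode("ascii")
    except ValueError:                               # binascii.Error, UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def split_query(url):
    """Split the query into (name, value) pairs. Segments with no value, such as
    the leading MzEzMzM2 or NzgyNjI=, come back as (token, None) so that a
    trailing '=' is kept as base64 padding instead of being read as a separator."""
    pairs = []
    for segment in urlsplit(url).query.split("&"):
        if not segment:
            continue
        name, sep, value = segment.partition("=")
        pairs.append((name, value) if sep and value else (segment, None))
    return pairs


def analyze(url):
    """Classify each parameter of one request: bare tokens, values that decode
    to short text ("words") and values that do not decode ("opaque")."""
    parts = urlsplit(url)
    bare, words, opaque = [], [], {}
    for name, value in split_query(url):
        if value is None:
            bare.append((name, b64_text(name)))
            continue
        decoded = b64_text(value)
        if decoded is not None and len(decoded) <= 12:
            words.append((name, decoded))
        else:
            opaque[name] = value
    return {"host": parts.hostname, "path": parts.path,
            "bare": bare, "words": words, "opaque": opaque}


def shared_opaque_names(urls):
    """Names of non-decodable parameters present in every request of a chain."""
    name_sets = [set(analyze(u)["opaque"]) for u in urls]
    return sorted(set.intersection(*name_sets))


def looks_like_rig(url, min_words=4, min_opaque_len=40):
    """Heuristic (assumption derived from the three URLs above): bare IPv4 host,
    '/' path, a leading bare token that is base64 of digits, several base64
    word values and at least one long value that is not text."""
    info = analyze(url)
    host_ok = bool(info["host"]) and IPV4_HOST.fullmatch(info["host"]) is not None
    lead = info["bare"][0][1] if info["bare"] else None
    long_opaque = [v for v in info["opaque"].values() if len(v) >= min_opaque_len]
    return (host_ok and info["path"] == "/" and bool(lead) and lead.isdigit()
            and len(info["words"]) >= min_words and len(long_opaque) >= 1)


if __name__ == "__main__":
    for label, url in zip(("landing", "swf", "payload"), SAMPLE_URLS):
        info = analyze(url)
        print(label, info["bare"][0][1], [w for _, w in info["words"]],
              sorted(info["opaque"]), looks_like_rig(url))
    print("opaque names in every request:", shared_opaque_names(SAMPLE_URLS))
```

Running it against the chain shows each request carrying eleven word-valued parameters (sport, resort, shake, fly, sc2, sea, money, matchup), a numeric leading token (313336, 442093, 78262) and exactly two undecodable values, always under tacxs4 and fdxcs4f. The value-decoding check is the part worth keeping in a proxy-log triage script; the random parameter names change from request to request and are not something to match on.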