[2018-09-10] PseudoGate->GrandSoft->AZORult

September 10, 2018

Overview

The SAZ file is 2018-09-10_13-54-15.saz

(↓Analysis result using EKFiddle)

Malware

AZORult

f9de3c166478dbc314e9c72052fe7ca714fb108d5abe9d39888126e73fc342bf
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//www.afbchope.com
↓
[GrandSoft Exploit Kit][Checker]
http[:]//wart.fadsznelectoratefola.xyz/indonesia-fess_loosens.htm
↓
[GrandSoft Exploit Kit][CVE-2018-8174]
http[:]//wart.fadsznelectoratefola.xyz/getversoinpd/1/2/3/4
↓
[GrandSoft Exploit Kit][Malware Payload]
http[:]//wart.fadsznelectoratefola.xyz/9/121796