[2018-09-29] PseudoGate->GrandSoft->Ramnit->AZORult

September 29, 2018

Overview

SAZ file (Fiddler session archive): 2018-09-29_20-26-55.saz

(↓Analysis result using EKFiddle)

Malware

Ramnit

ad45cfb13369d393156e9571f239ab9c58c43239067bbc74152d747d32bf3b0d
[Hybrid-Analysis] [VirusTotal]

AZORult

8b42b0cdf3507dfd4ccd3004f883a00759dd8dd29ed7785817990e5dba7be7df
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//lecheriasantos.com
↓
[GrandSoft Exploit Kit][Landing Page]
http[:]//fsz.vegetable.apartvd.xyz/michigan.php
↓
[GrandSoft Exploit Kit][CVE-2018-8174]
http[:]//fsz.vegetable.apartvd.xyz/getversoinpd/1/2/3/4
↓
[GrandSoft Exploit Kit][Malware Payload]
http[:]//fsz.vegetable.apartvd.xyz/9/128046
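The traffic chain above has a recognisable shape: a landing page on the exploit-kit host, an exploit-delivery path, and then a numeric payload path, all fetched by the same client from the same host in that order. The script below is an added example (not part of this post or of EKFiddle) that looks for that ordered sequence in proxy logs. The three path patterns are assumptions generalised from the single URL of each stage shown above, the log format and the log lines are constructed for the example, and `defang()` writes URLs in the `http[:]//` notation used in this post.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample proxy log (not the post's .saz capture).
# Columns: timestamp, client IP, method, URL, HTTP status.
SAMPLE_LOG = """\
2018-09-29T20:26:55Z 10.0.0.12 GET http://lecheriasantos.com/ 200
2018-09-29T20:26:56Z 10.0.0.12 GET http://fsz.vegetable.apartvd.xyz/michigan.php 200
2018-09-29T20:26:57Z 10.0.0.12 GET http://fsz.vegetable.apartvd.xyz/getversoinpd/1/2/3/4 200
2018-09-29T20:26:59Z 10.0.0.12 GET http://fsz.vegetable.apartvd.xyz/9/128046 200
2018-09-29T20:27:01Z 10.0.0.33 GET http://example.org/contact.php 200
2018-09-29T20:27:03Z 10.0.0.33 GET http://example.org/index.html 200
"""

# Assumed path patterns, generalised from the one URL per stage seen in the
# chain above. The landing pattern alone is far too broad to alert on; the
# signal comes from all three stages appearing in order on one host.
STAGE_PATTERNS = [
    ("landing", re.compile(r"^/[a-z]+\.php$")),
    ("exploit", re.compile(r"^/getversoinpd(?:/\d+)+$")),
    ("payload", re.compile(r"^/\d+/\d+$")),
]
CHAIN_ORDER = ["landing", "exploit", "payload"]


def classify_url(url):
    """Return the chain stage a URL path looks like, or None."""
    path = urlsplit(url).path
    for stage, pattern in STAGE_PATTERNS:
        if pattern.match(path):
            return stage
    return None


def parse_log(text):
    """Parse the constructed log format into dicts, one per request."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, method, url, status = line.split()
        rows.append({
            "ts": ts,
            "client": client,
            "url": url,
            "host": urlsplit(url).hostname,
            "stage": classify_url(url),
        })
    return rows


def find_chains(text):
    """Find (client, host) pairs whose requests contain landing -> exploit -> payload
    in chronological order. Log lines are assumed to be in time order."""
    per_key = defaultdict(list)
    for row in parse_log(text):
        if row["stage"] is not None:
            per_key[(row["client"], row["host"])].append(row)

    chains = []
    for (client, host), rows in per_key.items():
        wanted = 0
        matched = []
        for row in rows:
            if row["stage"] == CHAIN_ORDER[wanted]:
                matched.append(row["url"])
                wanted += 1
                if wanted == len(CHAIN_ORDER):
                    break
        if wanted == len(CHAIN_ORDER):
            chains.append({"client": client, "host": host, "urls": matched})
    return chains


def defang(url):
    """Write a URL in the http[:]// form used in the post so it is not clickable."""
    return url.replace("http://", "http[:]//").replace("https://", "https[:]//")


if __name__ == "__main__":
    for chain in find_chains(SAMPLE_LOG):
        print(f"exploit-kit chain: client={chain['client']} host={chain['host']}")
        for url in chain["urls"]:
            print("  ", defang(url))
```

Only the 10.0.0.12 client produces a hit: 10.0.0.33 fetched a `.php` page, which matches the landing pattern on its own, but never requested exploit or payload paths on that host, so it is not reported. Requiring the ordered sequence per client and host is what keeps the generic landing pattern from generating noise.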