[2018-09-30] FalloutEK->GandCrab

September 30, 2018

Overview

The SAZ file is 2018-09-30_22-59-41.saz

(↓Analysis result using EKFiddle)

Malware

GandCrab

0a3c367793c08a1002ba036e11b95839f9ef630b2763bb0e6d513fb9ea95a400
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//51.15.98.59/QZNzQNbT?keyword=0.000386&cost=0.000386&external_id=70265551871569920&creative_id=2051533&ad_campaign_id=1343893&source=1774896&cost=0.000386
↓
[Fallout Exploit Kit][Landing Page]
http[:]//greatwallinc.club/Theftbote_flowmeter_6406/convexed_postfaces_paddocks/aversive_emanated_hickified/i949cC.shtml
↓
[Fallout Exploit Kit][Malware Payload]
http[:]//greatwallinc.club/1965_08_08/6302/basswood-Relievo-4736?Impedance=hz9UF&gyFhPaUUIc=8953&cothish=8064&EgLeL=glyceral_mallotus