[2018-10-03] PseudoGate->GrandSoft->Ramnit->AZORult
Overview
The SAZ file is 2018-10-03_20-27-11.saz.
(↓ Analysis result using EKFiddle)
Malware
Ramnit
7580fd88c504adf06797a4375d7e06917d7d83ea0395d893ee3a0aac2fc4f59c
[Hybrid-Analysis] [VirusTotal]
AZORult
9e87dde215ff38118b8b4749a79166c2fa0aa6061c011489d932d2157e01f69c
[Hybrid-Analysis] [VirusTotal]
Traffic-Chain
https[:]//traidings.today/activerevenue.php
↓
[GrandSoft Exploit Kit][Landing Page]
http[:]//constitutionality-teen.apartvd.xyz/bent_aspects
↓
[GrandSoft Exploit Kit][CVE-2018-8174]
http[:]//constitutionality-teen.apartvd.xyz/getversoinpd/1/2/3/4
↓
[GrandSoft Exploit Kit][Malware Payload]
http[:]//constitutionality-teen.apartvd.xyz/9/131968