[2018-10-06] HookAds->FalloutEK->SmokeLoader->Miner

October 06, 2018

Overview

The SAZ file is 2018-10-06_20-21-47.saz.

(Analysis result using EKFiddle)

Malware

SmokeLoader

9e0be6c805c0685432abdc64c549d5de4872dabb6c62da56a1489edc7fea38fb
[Hybrid-Analysis] [VirusTotal]

Coin Miner

d65855ee76d805825ee2a074b42a7170e31f1b98a6341d56db04d66b6f54a718
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//datingittlive.info/?prop-mix&zoneid=2018151
↓
http[:]//datingittlive.info/setings.php
↓
https[:]//countystats.pro/next/gebrialer
↓
[Fallout Exploit Kit][Malware Payload]
http[:]//whereareyoupoop.club/7299/9wJ6e/Epicanthi.xhtml
↓
[Fallout Exploit Kit][Malware Payload]
http[:]//whereareyoupoop.club/polypores-15952-2436/heCW1I7K/qohw.dhtml