[2018-10-14] Unknown->RigEK->AZORult

October 14, 2018

Overview

SAZ file (Fiddler session archive): 2018-10-14_19-35-00.saz

[Image: analysis result using EKFiddle]

Malware

AZORult

9db270fe36dc27c14c557b55cd0d5f6e6665225b4bf11519a5640cdc74cc9ee6
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//hentiafapland.com/smutstone_0418_land_ss_290418_en?click=426514
↓
[RIG Exploit Kit][Landing Page]
http[:]//176.57.214.226/?NTM2MTE3&jxGno&SbuvuIc=already&jCflOKe=already&XpMPr=referred&fdssdfsdgf=w3jQMvXcJxbQFYbGMv3DSKNbNkjWHViPxoiG9MildZeqZGX_k7TDfF-qoVTcCgWR&YWGpdQbT=constitution&thfghdsf4=xfskJLsCOgvo20KDLQJgmI8MBlxH_6utiEeDnx_O0Z6G_haJYQJG_qKlJLd_mhj2&FTgBS=strategy&oQBE=criticized&LPmBE=wrapped&krWYgVmt=constitution&BwawItxjC=constitution&xBwYYwv=known&OOYTJ=referred&gskETHCNTQ0NzYx
↓
[RIG Exploit Kit][SWF Payload]
http[:]//176.57.214.226/?NTI0MTcw&kymPydEH&pMVUPDNK=golfer&AfwARem=golfer&cuNeWZBKDtFE=constitution&thfghdsf4=lYhUAFMU_q_4iUfWnx6dhJ6DrBzZNQxN_ZSWErdtjlX8nbdFdMwkxB-G6WlTzeMtWlMY6QwQmqb7VaeO-0dA&rSjkarFjSLFs=heartfelt&TUcuKJHfDsHC=criticized&PGmuTLCZILg=vest&YcXnOThDwVoc=constitution&IYEZROjRgPbZAHr=constitution&vpPAShh=strategy&JnZMHMREL=blackmail&FmsDoqRdjZHG=difference&fdssdfsdgf=xHnQMrfYbRjFFYTfKPzEUKJEMUnWA0GKwYeZhajVF5mxFDDGpbT1FxvspVSdCFuEmvtvdLoHIwWh1ULASwNo&KxXJYEbcWYsGzYHNTQ5Njkx
↓
[RIG Exploit Kit][Malware Payload]
http[:]//176.57.214.226/?MjMwNjMz&ZltwBCql&mVNlsGkJTxPxF=blackmail&fdssdfsdgf=wnfQMvXcJBXQFYbJKuXDSKJDKU7WGkaVw4-QhMG3YpnNfynz2OzURnL0tASVVFqRrbMdJLtZN&mnfEhydXt=heartfelt&DHhZOLgHUfF=heartfelt&kAdRFI=known&VewpiTJ=constitution&upljNRxouewuS=detonator&thfghdsf4=FHoikzWfA1iyo9ZVVtCo_2nhkPWzx_K1p7Q9USJYglN-5KWFbkL0VT8xrgdecIhzibfqWlT_A&HMcXZxT=everyone&hEgSiYYIhz=already&ewbrrPDK=strategy&zcGeFTjbVAt=known&egSyve=known&rweunKdXyODNTAyOTIz