[2018-11-10] HookAds->FalloutEK->Nocturnal->GlobeImposter

November 10, 2018

Overview

Saz file is 2018-11-10_23-45-01.saz

(↓Analysis result using EKFiddle)

Malware

Nocturnal Stealer

f400e7edd65087a5d6ac0a865a4e5b15dc16dfcc6cd44a4dc65e3bb2592c2398
[Hybrid-Analysis] [VirusTotal]

GlobeImposter

521e8b48c7c4d54ffeaee381118505215b0dd36ada17b5452e1eaacac4e3a70e
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//fiestaonlline.info/?activer-mix&source=86013.120052_
↓
https[:]//www.eb-makarek.pro/unlimited/aboutus
↓
[Fallout Exploit Kit][Landing Page]
http[:]//getouthere.pw/Questers/5898/Incitate.phtml
↓
[Fallout Exploit Kit][Malware Payload]
http[:]//getouthere.pw/anolian-Stoccatas-Hazeled-doodah/fPPqIfm.cfml?H7nD=pillery_8678_Velveting&XYamH=BtWDUpLk5&demist=ZziDr&JRFQjWsT=Kubachi