[2018-11-24] Unknown->RigEK->AZORult->Nymaim

November 24, 2018

Overview

The Fiddler capture (SAZ file) is 2018-11-24_15-36-09.saz

(Analysis result using EKFiddle: screenshot in the original post, not reproduced here)

Malware

AZORult

095686d5037e77b644cfed08d8a1153cc0a13c705534d8207ff4e5cf92d40a51
[Hybrid-Analysis] [VirusTotal]

Nymaim

f68d659381b3998f4f1d6a42e992d4d5a80d868ad744377ba4c7379bec0077db
[Hybrid-Analysis] [VirusTotal]

Traffic-Chain

http[:]//whitepages.science/Wfg3R6XX?creative_id=262035&ad_campaign_id=107948&source=O7O52GE2EU-TM4QjM4E
↓
[RIG Exploit Kit][Landing Page]
http[:]//185.178.44.136/?MTIzMTU0&eaJNB&AkkjzHpF=difference&tcgfvfg4=m2HpvQqJLRUO1G1hRSBLgxmzotVW1MR9aym3UnSyUDI1sTT9ByJUTp1u9CSUbI&ZRFqs=criticized&xtqBxI=criticized&UwQUnwk=heartfelt&ffgffd3s=wXbQMvXcJwDQDIbGMvrESLtMNknQA0KK2If2_dqyEoH9cmnihNzUSkr66B2aC&frtB=heartfelt&tAHhguxyh=community&FtsogvS=referred&IOGMpr=known&bMZbEhiQM=community&AFobB=strategy&ebqzT=strategy&kaZRhg=vest&NdDbNOCt=criticized&lGpUo=golfer&GLCJp=wrapped&YKtFZZEHgMTE1ODMw
↓
[RIG Exploit Kit][SWF Payload]
http[:]//185.178.44.136/?NTExNTM3&LpmKxgq&ZxdUkcmzVehUTks=golfer&OyIqeFcuoaEe=professional&UZwDDt=constitution&NOSQvhMvrGbAg=difference&JDTMYiMC=referred&UtUXEZFs=wrapped&hPXkKhnWHja=professional&imPviwFjlJdk=constitution&jUFjzX=known&UGsBaBq=constitution&tcgfvfg4=7frVZOwTlixfUKgJgyYdaAFwW_qCsjEbQwUWbgJ7UqUPeMAxM-6KSFrc93l3FjLZTJvs&XwZmWjKLlTh=community&bpWjCLFK=referred&HkHtiPgLbGCqv=blackmail&RoPNyryecGp=everyone&FXLqIXjQNKX=heartfelt&ffgffd3s=w3fQMvXcJxbQFYbGMv3DSKNbNkjWHViPxoeG9MildZmqZGX_k7vDfF-qoVTcCgWRxfR&HqrYxEqjtZrywnMjUwOTQx
↓
[RIG Exploit Kit][Malware Payload]
http[:]//185.178.44.136/?MzY3MjAw&BjUXdfnmhyu&XHhBltQxTcZhjx=blackmail&kTIDdxxiRso=perpetual&JDghbo=difference&tcgfvfg4=qJLRUO1G1hBSBLgxmzotUW1MR9aym3UjSyUDI1sTT9RyJUQNM9puTHbgy0W2oj7gXQA&xSJQJgJLgR=difference&KUBhzZoPUD=criticized&akKAUEbbeaqU=everyone&xdwPcKnSToSVYv=constitution&CpGoZKpam=professional&nEElplAlBogxl=community&hxuuloRpL=known&etjPTeuUgyVwtQq=perpetual&CrYoyPib=criticized&vUkpjclhy=blackmail&LKdbaByT=referred&xqeQTux=referred&ffgffd3s=wXfQMvXcJwDQAobGMvrESLtNNknQA0KK2In2_dqyEoH9cmnihNzUSkr06B2aCm2Hpvo&LIBpanLNwpUNMjI3NDUx
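All three RIG requests above share one shape: the same host, a leading bare query token that is base64 of six decimal digits, two fixed parameter names (tcgfvfg4 and ffgffd3s) carrying the encoded payload material, filler parameters with random names and plain dictionary-word values, and a final bare token that ends in another base64-encoded six-digit number. The script below is an added example (mine, not EKFiddle's regex and not code from the original post) that pulls those features out of a URL and uses them as a triage rule; the sample set is the three RIG URLs from this chain plus the whitepages.science ad redirect that precedes them, which should not match. The feature thresholds are my own assumptions derived only from the URLs on this page.

```python
import base64
import binascii
from typing import Optional
from urllib.parse import parse_qsl, urlsplit

# Constructed sample set: the defanged URLs from this traffic chain.
# "redirect" is the ad URL that led to RIG and serves as the negative case.
SAMPLES = {
    "redirect": "http[:]//whitepages.science/Wfg3R6XX?creative_id=262035&ad_campaign_id=107948&source=O7O52GE2EU-TM4QjM4E",
    "landing": "http[:]//185.178.44.136/?MTIzMTU0&eaJNB&AkkjzHpF=difference&tcgfvfg4=m2HpvQqJLRUO1G1hRSBLgxmzotVW1MR9aym3UnSyUDI1sTT9ByJUTp1u9CSUbI&ZRFqs=criticized&xtqBxI=criticized&UwQUnwk=heartfelt&ffgffd3s=wXbQMvXcJwDQDIbGMvrESLtMNknQA0KK2If2_dqyEoH9cmnihNzUSkr66B2aC&frtB=heartfelt&tAHhguxyh=community&FtsogvS=referred&IOGMpr=known&bMZbEhiQM=community&AFobB=strategy&ebqzT=strategy&kaZRhg=vest&NdDbNOCt=criticized&lGpUo=golfer&GLCJp=wrapped&YKtFZZEHgMTE1ODMw",
    "swf": "http[:]//185.178.44.136/?NTExNTM3&LpmKxgq&ZxdUkcmzVehUTks=golfer&OyIqeFcuoaEe=professional&UZwDDt=constitution&NOSQvhMvrGbAg=difference&JDTMYiMC=referred&UtUXEZFs=wrapped&hPXkKhnWHja=professional&imPviwFjlJdk=constitution&jUFjzX=known&UGsBaBq=constitution&tcgfvfg4=7frVZOwTlixfUKgJgyYdaAFwW_qCsjEbQwUWbgJ7UqUPeMAxM-6KSFrc93l3FjLZTJvs&XwZmWjKLlTh=community&bpWjCLFK=referred&HkHtiPgLbGCqv=blackmail&RoPNyryecGp=everyone&FXLqIXjQNKX=heartfelt&ffgffd3s=w3fQMvXcJxbQFYbGMv3DSKNbNkjWHViPxoeG9MildZmqZGX_k7vDfF-qoVTcCgWRxfR&HqrYxEqjtZrywnMjUwOTQx",
    "payload": "http[:]//185.178.44.136/?MzY3MjAw&BjUXdfnmhyu&XHhBltQxTcZhjx=blackmail&kTIDdxxiRso=perpetual&JDghbo=difference&tcgfvfg4=qJLRUO1G1hBSBLgxmzotUW1MR9aym3UjSyUDI1sTT9RyJUQNM9puTHbgy0W2oj7gXQA&xSJQJgJLgR=difference&KUBhzZoPUD=criticized&akKAUEbbeaqU=everyone&xdwPcKnSToSVYv=constitution&CpGoZKpam=professional&nEElplAlBogxl=community&hxuuloRpL=known&etjPTeuUgyVwtQq=perpetual&CrYoyPib=criticized&vUkpjclhy=blackmail&LKdbaByT=referred&xqeQTux=referred&ffgffd3s=wXfQMvXcJwDQAobGMvrESLtNNknQA0KK2In2_dqyEoH9cmnihNzUSkr06B2aCm2Hpvo&LIBpanLNwpUNMjI3NDUx",
}

# The two parameter names that are constant across all three RIG URLs on this page.
FIXED_PARAMS = {"tcgfvfg4", "ffgffd3s"}


def refang(url: str) -> str:
    """Turn the defanged http[:]// notation used in the write-up back into a real URL."""
    return url.replace("[:]", ":").replace("[.]", ".")


def b64_digits(token: str) -> Optional[str]:
    """Decode token as strict base64; return the text only if it is all ASCII digits."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    text = raw.decode("ascii", errors="replace")
    return text if text.isdigit() else None


def rig_features(url: str) -> dict:
    """Extract the structural markers shared by the RIG requests in this chain."""
    parts = urlsplit(refang(url))
    # keep_blank_values keeps the bare tokens (no '=') that open and close the query
    params = parse_qsl(parts.query, keep_blank_values=True)
    keys = [k for k, _ in params]
    return {
        "host": parts.hostname,
        # first bare token: base64 of a six-digit number (e.g. MTIzMTU0 -> 123154)
        "leading_token": b64_digits(keys[0]) if keys else None,
        # last bare token: random prefix followed by 8 base64 chars of six digits
        "trailing_token": b64_digits(keys[-1][-8:]) if keys else None,
        "fixed_params": sorted(FIXED_PARAMS & set(keys)),
        # filler parameters carry plain lowercase dictionary words
        "word_values": sum(1 for _, v in params if v.isalpha() and v.islower()),
        "param_count": len(params),
    }


def looks_like_rig(url: str) -> bool:
    """Triage rule (assumed thresholds): all four markers must be present together."""
    f = rig_features(url)
    return (
        f["leading_token"] is not None
        and f["trailing_token"] is not None
        and f["fixed_params"] == sorted(FIXED_PARAMS)
        and f["word_values"] >= 5
    )


if __name__ == "__main__":
    for name, url in SAMPLES.items():
        f = rig_features(url)
        print(f"{name:8} rig={looks_like_rig(url)!s:5} host={f['host']} "
              f"lead={f['leading_token']} trail={f['trailing_token']} "
              f"words={f['word_values']}")
```

Any one of these markers alone is weak (dictionary-word filler and base64 tokens appear in plenty of legitimate ad traffic), which is why the rule requires all of them; when hunting in a proxy log, the fixed parameter pair plus the bare leading token is the part worth alerting on, and the decoded six-digit values are useful for correlating the landing page, SWF request and payload request from the same victim session.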