Another Korean gamer targeted Trojan.
Short analysis:
Gongda/Gondad exploit pack ->
-> Download & Execute -> m0308.exe (MD5: 66E40696F1E554B6E9EC2ACAE494C526): OnlineGameHack downloader dropper ->
-> Drop & Run as service -> 6to432.dll (MD5: 046C65F26AADBB0D6BDC48469903462F): OnlineGameHack downloader ->
-> Download 2 files (0308.jpg, 0308.exe) & Execute -> 0308.exe (MD5: 0ACB5261292C27176878709131B52FB0): OnlineGameHack dropper ->
-> Drop 2 files(ntdos44.esn, netware.eng) & Run as driver -> ntdos44.esn (MD5: BDF80B76B57BBAD9FC94E58C3B5A588A): OnlineGameHack driver ->
-> Hook NtCreateThread, inject netware.eng (MD5: 2198F8EDA3AF26D66AB9BA5CF16F85F5) to web browser (Internet Explorer) ->
-> netware.eng: Final payload, teh OnlineGameHack
VirusTotal result(s):
OnlineGameHack downloader dropper 18/46 https://www.virustotal.com/en/file/e679 ... /analysis/
OnlineGameHack downloader 13/46 https://www.virustotal.com/en/file/0b93 ... 9/analysis
OnlineGameHack dropper 24/46 https://www.virustotal.com/en/file/95e1 ... /analysis/
OnlineGameHack driver 2/46 https://www.virustotal.com/en/file/4d75 ... /analysis/
OnlineGameHack 0/46 https://www.virustotal.com/en/file/3239 ... /analysis/
Short analysis:
Gongda/Gondad exploit pack ->
-> Download & Execute -> m0308.exe (MD5: 66E40696F1E554B6E9EC2ACAE494C526): OnlineGameHack downloader dropper ->
-> Drop & Run as service -> 6to432.dll (MD5: 046C65F26AADBB0D6BDC48469903462F): OnlineGameHack downloader ->
-> Download 2 files (0308.jpg, 0308.exe) & Execute -> 0308.exe (MD5: 0ACB5261292C27176878709131B52FB0): OnlineGameHack dropper ->
-> Drop 2 files(ntdos44.esn, netware.eng) & Run as driver -> ntdos44.esn (MD5: BDF80B76B57BBAD9FC94E58C3B5A588A): OnlineGameHack driver ->
-> Hook NtCreateThread, inject netware.eng (MD5: 2198F8EDA3AF26D66AB9BA5CF16F85F5) to web browser (Internet Explorer) ->
-> netware.eng: Final payload, teh OnlineGameHack
VirusTotal result(s):
OnlineGameHack downloader dropper 18/46 https://www.virustotal.com/en/file/e679 ... /analysis/
OnlineGameHack downloader 13/46 https://www.virustotal.com/en/file/0b93 ... 9/analysis
OnlineGameHack dropper 24/46 https://www.virustotal.com/en/file/95e1 ... /analysis/
OnlineGameHack driver 2/46 https://www.virustotal.com/en/file/4d75 ... /analysis/
OnlineGameHack 0/46 https://www.virustotal.com/en/file/3239 ... /analysis/
Attachments
pw: infected
(188.91 KiB) Downloaded 62 times
(188.91 KiB) Downloaded 62 times
