The purpose of the Trojan, identified by Zscaler as JS/Exploit-Blacole.em, is simply to redirect users to other sites. The initial redirect leads to hxxp://rsnvlbgcba.ibiz.cc/d/404.php?go=1 and then on to hxxp://fukbb.com/.
An examination of the initial redirect’s source code revealed that the site is merely a stepping stone that leads users to the second redirect. Oddly, the final destination site does not host any malicious content at the moment. However, a VirusTotal analysis performed by Zscaler and Threatpost suggests that the site is a suspicious one that has been associated with malware-related activities in the past.