API tools faq
paste
Racco42

Locky "August invoice"

Racco42
Sep 6th, 2016
1,632
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.01 KB | None | 0 0
raw download clone embed print report
  1. 2016-09-06 #locky email phishing campaign "August invoice"
  2.  
  3. Email sample:
  4. --------------------------------------------------------------------------------------------
  5. From: "Roseann Hamilton"
  6. To: [REDACTED]
  7. Subject: August invoice
  8.  
  9.  
  10. Hello [REDACTED], Walton asked me to send you invoice for August. Please look over the attachment and make a payment ASAP.
  11.  
  12. Best Regards,
  13. Roseann Hamilton
  14. -------------------------------------------------------------------------------------------
  15. Attached file "<random_hexachars>.zip" contain 2 identical files "August_invoice <8_random_hexachars>. pdf~.js" and "August_invoice <8_random_hexachars>. pdf~ - 1.js" a JScript downloaders
  16.  
  17. Download sites:
  18. http://bookinghotworld.ws/7m35qn
  19. http://canonsupervideo4k.ws/87rhku3
  20. http://darkestzone2.wang/9zh9my4
  21. http://donttouchmybaseline.ws/fax8x
  22. http://listofbuyersus.co.in/jx829o21
  23. http://tradesmartcoin.xyz/k7w8qhi
  24. http://videoconvertermac.in/n9xld
  25.  
  26. Malware encoded on download, filesize 134,772 bytes
  27. 74605db8fba9b14d3c37eaa8f7f55ecb65b62dd565a0d3e6e703e7382071a1fd http___canonsupervideo4k.ws_87rhku3
  28. 8bf5ca18accaf6f2c3129f10492b733afeeb6738441eb34b090f6bd575bf1a42 http___darkestzone2.wang_9zh9my4
  29. 75d5de75d30cc198e4105027f98a0eda5ad16e5bd8714c444cdbc881bc4b3c3e http___donttouchmybaseline.ws_fax8x
  30. 1d1535fe99c221e503811bae477dfec1709d1887be562bfd5c13b85e7ed093d9 http___tradesmartcoin.xyz_k7w8qhi
  31.  
  32. https://www.reverse.it/sample/d6014af1d4eca461443d671ddc3b55b31cbe11f4d8f64dc29293ce183a57758f?environmentId=100
  33. https://www.reverse.it/sample/089ee7f9130c54081dc7495ad9ee50c05764f1c55e7fd5abda49ea235d38c494?environmentId=100
  34. https://www.reverse.it/sample/0789099409292a97ad8668950e329bd1550e93209a379ce0eb10f191850ba0d4?environmentId=100
  35. https://www.reverse.it/sample/01a7c6a564a3313b2ee9394909fd50d598cafc385f6c7fa0662dadeaf8e9638e?environmentId=100
  36.  
  37. C2:
  38. 158.255.6.109:80/data/info.php
  39. 185.162.8.101:80/data/info.php
  40. 185.154.15.150:80/data/info.php
  41. 91.211.119.71:80/data/info.php
  42. gsejeeshdkraota.org/data/info.php [188.120.232.55]
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!