- 2017-09-18: #locky email phishing campaign "Message from KM_C224e"
- Email sample:
- -------------------------------------------------------------------------------------------------------------
- From: <copier@[REDACTED]>
- To: [REDACTED]
- Subject: Message from KM_C224e
- X-Mailer: KONICA MINOLTA bizhub C224e
- Date: Mon, 18 Sep 2017 14:35:03 -0500
- Attachment: 20171809_12476062947.7z -> 20170918_84047158233.vbs
- -------------------------------------------------------------------------------------------------------------
- - sender is "copier@<recipient's domain>"
- - subject is "Message from KM_C224e"
- - email body is empty
- - attached file "20171809_<11 digits>.7z" contains file "20171809_<11 digits>.vbs", a VBScript downloader
- Download sites:
- Malware:
- - locky, .ykcol variant
- - SHA256: 24b29b6c856f24b4385b8aefedada88cb3aebf88b29b90348a928d8bae5c7cc2, MD5: bab1c043a2fba947f682b6a012a9f362
- - VT: https://www.virustotal.com/en/file/24b29b6c856f24b4385b8aefedada88cb3aebf88b29b90348a928d8bae5c7cc2/analysis/1505762333/
- - HA: https://www.reverse.it/sample/24b29b6c856f24b4385b8aefedada88cb3aebf88b29b90348a928d8bae5c7cc2?environmentId=100
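The email traits listed above (sender, subject, X-Mailer, empty body, attachment name), turned into a mail-filter check. This is an added example, not part of the original paste; the function names, the match threshold, the generalized 8-digit date prefix and the example.com sample messages are assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: the note gives "20171809_<11 digits>.7z"; the 8-digit prefix is
# generalized here so the check is not tied to a single day.
ATTACH_RE = re.compile(r"^\d{8}_\d{11}\.7z$", re.IGNORECASE)

def campaign_traits(raw):
    """Return one boolean per trait listed in the note for a raw RFC 5322 message."""
    msg = message_from_string(raw)
    s_local, _, s_dom = parseaddr(msg.get("From", ""))[1].lower().partition("@")
    r_dom = parseaddr(msg.get("To", ""))[1].lower().rpartition("@")[2]
    body, names = "", []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            names.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            body += (part.get_payload(decode=True) or b"").decode(errors="replace")
    return {
        "copier_at_recipient_domain": s_local == "copier" and s_dom != "" and s_dom == r_dom,
        "subject": msg.get("Subject", "").strip() == "Message from KM_C224e",
        "x_mailer": "KONICA MINOLTA bizhub C224e" in msg.get("X-Mailer", ""),
        "empty_body": body.strip() == "",
        "attachment_name": any(ATTACH_RE.match(n) for n in names),
    }

def is_campaign_match(raw, threshold=4):
    # Hypothetical threshold: require most traits so a real in-house copier is not flagged.
    return sum(campaign_traits(raw).values()) >= threshold

def build_sample(sender, subject, filename, body="\n"):
    """Constructed test message; example.com addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "alice@example.com", subject
    m["X-Mailer"] = "KONICA MINOLTA bizhub C224e"
    m.set_content(body)
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    lure = build_sample("copier@example.com", "Message from KM_C224e", "20171809_00000000000.7z")
    scan = build_sample("copier@example.com", "Message from KM_C224e", "scan0042.pdf", "Scanned page attached.\n")
    print(is_campaign_match(lure), campaign_traits(scan))
```

A genuine scan-to-email message from an internal copier shares the sender, subject and X-Mailer traits, so the empty body and the archive name are what separate the lure from legitimate traffic.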