- 2017-10-10: #locky and #trickbot email phishing campaign "Invoice INV0000xxx"
- Email sample:
- ---------------------------------------------------------------------------------------------------------------------
- From: Porter Waterman <porter@atelier-autour-de-la-mode.com>
- To: [REDACTED]
- Subject: Invoice INV0000281
- Date: Tue, 10 Oct 2017 22:21:02 -0200
- Sent from my iPhone
- Attachment: Invoice INV0000281.7z -> Invoice INV0000988.vbs
- ---------------------------------------------------------------------------------------------------------------------
- - subject is "Invoice INV0000<3 digits>"
- - attached file "Invoice INV0000<3 digits>.7z" contains file "Invoice INV0000<3 digits>.vbs", a VBScript downloader that fetches either Trickbot (when the PC's IP address geolocates to UK, AU, LU, BE or IE) or Locky from one of the download sites:
- Locky download sites:
- Trickbot download sites:
- Malware:
- - locky ransomware, offline asasin variant
- - SHA256: c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3, MD5: 1934bc240ae9e8e101490a9dab13c079
- - VT: https://www.virustotal.com/en/file/c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3/analysis/1507719478/
- - HA: https://www.reverse.it/sample/c2e56510866a6e038ac723a3e5a2ac66b14f407b91886077727f622f561164e3?environmentId=100
- - trickbot banking trojan
- - SHA256: 24184f3ae1a878018d650812c7084cdc91fdaa8916d3d11140ef06d6306347a2, MD5: 5216bf5213f2f94e756ce464d34c740c
- - VT: https://www.virustotal.com/en/file/24184f3ae1a878018d650812c7084cdc91fdaa8916d3d11140ef06d6306347a2/analysis/1507717690/
- - HA: https://www.reverse.it/sample/24184f3ae1a878018d650812c7084cdc91fdaa8916d3d11140ef06d6306347a2?environmentId=100
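
The subject and attachment naming pattern described above, written as a mail-gateway style check. This is an added example, not part of the original paste; the function names, the sample addresses and the choice to require both traits before flagging are assumptions made here.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Patterns taken from the paste: subject "Invoice INV0000<3 digits>"
# and attachment "Invoice INV0000<3 digits>.7z".
SUBJECT_RE = re.compile(r"^\s*Invoice INV0000\d{3}\s*$")
ATTACH_RE = re.compile(r"^Invoice INV0000\d{3}\.7z$", re.IGNORECASE)


def match_campaign(raw: bytes) -> dict:
    """Report which campaign traits a raw RFC 5322 message shows."""
    msg = message_from_bytes(raw, policy=policy.default)
    subject = str(msg.get("Subject", ""))
    # get_filename() decodes RFC 2231 / RFC 2047 encoded attachment names.
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    hits = {
        "subject": bool(SUBJECT_RE.match(subject)),
        "attachment": [n for n in names if ATTACH_RE.match(n.strip())],
    }
    # Assumption: flag only when both traits are present, because the
    # subject alone also matches ordinary invoice mail.
    hits["verdict"] = hits["subject"] and bool(hits["attachment"])
    return hits


def build_sample(subject: str, filename: str) -> bytes:
    """Constructed test message; the attachment is dummy bytes, not an archive."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "recipient@example.com"
    m["Subject"] = subject
    m.set_content("Sent from my iPhone")
    m.add_attachment(b"dummy", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    cases = [
        ("Invoice INV0000281", "Invoice INV0000281.7z"),      # both traits
        ("Invoice INV0000281", "Invoice INV0000281.pdf"),     # subject only
        ("Re: Invoice INV0000281", "Invoice INV0000281.7z"),  # attachment only
    ]
    for subj, fname in cases:
        print(subj, "|", fname, "->", match_campaign(build_sample(subj, fname)))
```

The check does not open the archive, so the inner .vbs name is not inspected; the sample in the paste shows the number in the .vbs name can differ from the one in the .7z name.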