API tools faq
paste
Advertisement
Racco42

2017-07-31: GlobeImposter "Scanned Image"

Racco42
Aug 1st, 2017
1,942
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.15 KB | None | 0 0
raw download clone embed print report
  1. 2017-07-31: #GlobeImposter email phishing campaign "Scanned image"
  2. Samples: 443
  3.  
  4. Email sample:
  5. --------------------------------------------------------------------------------------------------------------------
  6. From: "Marcelo" <Marcelo-57@panjshir.com>
  7. To: [REDACTED]
  8. Subject: Scanned image
  9. Date: Tue, 01 Aug 2017 08:49:00 +0700
  10.  
  11. Image data in PDF format has been attached to this email.
  12.  
  13. Attachment: 20170801205148.zip -> 20170801866068.js
  14. --------------------------------------------------------------------------------------------------------------------
  15. - sender is random
  16. - subject is "Scanned image"
  17. - attached file "2017<0731 or 0801><6 digits>.zip" contains file "2017<0731 or 0801><6 digits>.js", a JScript downloader which will download malware from:
  18.  
  19. Download sites (URL contains suffix ??<random>=<random> which does not influence the download):
  20. http://aimtravel.pl/a87hbn
  21. http://aitree.com/a87hbn
  22. http://bccapital.com/a87hbn
  23. http://camsexy.be/a87hbn
  24. http://dreamoneday.com/a87hbn
  25. http://edutechservices.in/a87hbn
  26. http://hpmanagement.de/a87hbn
  27. http://inoveinternet.com.br/a87hbn
  28. http://labettolasaigon.com/a87hbn
  29. http://mm7758.com/a87hbn
  30. http://nowo-tech.de/a87hbn
  31. http://petsplace.ca/a87hbn
  32. http://popprojects.com/a87hbn
  33. http://psynetwork.org/a87hbn
  34. http://quente.nl/a87hbn
  35. http://quicklookback.com/a87hbn
  36. http://samogonochka.net/a87hbn
  37. http://scapin.de/a87hbn
  38. http://sethiwriting.com/a87hbn
  39. http://showyourdeal.com/a87hbn
  40. http://slvideo.net/a87hbn
  41. http://snehil.com/a87hbn
  42. http://spinlock.info/a87hbn
  43. http://stillsmokin.bravepages.com/a87hbn
  44. http://szymanowicz.eu/a87hbn
  45. http://tbdexpress.com/a87hbn
  46. http://ttcpv.com/a87hbn
  47. http://urachart.com/a87hbn
  48. http://zabandan.com/a87hbn
  49. http://zubairfazal.com/a87hbn
  50.  
  51. Malware (SmoakLoader which will download the GlobeImposter malware):
  52. - SHA256 fbb8676259d0562ce087a1677477b6b2dfbc07432e4269016456701eeabdc455, MD5 6d869b86fea803b79acedeec7d0b0952
  53. - VT: https://www.virustotal.com/en/file/fbb8676259d0562ce087a1677477b6b2dfbc07432e4269016456701eeabdc455/analysis/1501545240/
  54. - HA: https://www.reverse.it/sample/fbb8676259d0562ce087a1677477b6b2dfbc07432e4269016456701eeabdc455?environmentId=100
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!