- 2017-09-19: #locky email phishing campaign "Emailing - 1000800NNNN"
- Email sample:
- --------------------------------------------------------------------------------------------------------------
- From: "Mckenna, Cassandra" <Cassandra.Mckenna@d[REDACTED]>
- To: [REDACTED]
- Subject: Emailing - 10008000036
- Date: Tue, 19 Sep 2017 22:37:29 +0300
- *** This email, and any attachments, is strictly confidential and may be legally privileged. It is intended only for the addressee. If you are not the intended recipient, any disclosure, copying, distribution or other use of this communication is strictly prohibited. If you have received this message in error, please contact the sender. Any request for disclosure of this document under the Data Protection Act 1998 or Freedom of Information Act 2000 should be referred to the sender. [disclaimer id: HCCStdDisclaimerExt] ***
- Attachment: 10008000036.7z
- --------------------------------------------------------------------------------------------------------------
- - sender address is forged to be from the recipient's own domain
- - subject is "Emailing - 1000800<4 digits>"
- - attached file "1000800<4 digits>.7z" contains file "1000800<4 digits>.vbs", a VBScript downloader
- Download sites:
- Malware:
- - locky, .ykcol offline variant
- - SHA256 942e275de833c747d0f8a5ebe519c62157c1136cbf467d079d7f84890018aa84, MD5: ee8bbd4ec4f19684f279054448a27601
- - VT: https://www.virustotal.com/en/file/942e275de833c747d0f8a5ebe519c62157c1136cbf467d079d7f84890018aa84/analysis/1505854472/
- - HA: https://www.reverse.it/sample/942e275de833c747d0f8a5ebe519c62157c1136cbf467d079d7f84890018aa84?environmentId=100
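
A mail-filter check for the traits listed above (subject "Emailing - 1000800<4 digits>", attachment "1000800<4 digits>.7z", sender forged into the recipient's domain), as an added example that is not part of the original paste. The function name `campaign_traits`, the `example.org` addresses and the attachment body are constructed for illustration; the check that the subject number equals the attachment number is an assumption drawn from the single sample shown.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Patterns from the campaign notes: 1000800 followed by four digits.
SUBJECT_RE = re.compile(r"^Emailing - (1000800\d{4})$")
ATTACH_RE = re.compile(r"^(1000800\d{4})\.7z$", re.IGNORECASE)

# Constructed sample message (addresses and attachment bytes are placeholders).
SAMPLE = """\
From: "User, One" <one.user@example.org>
To: two.user@example.org
Subject: Emailing - 10008000036
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

body
--b1
Content-Type: application/x-7z-compressed; name="10008000036.7z"
Content-Disposition: attachment; filename="10008000036.7z"

placeholder
--b1--
"""

def domain(addr):
    return addr.rpartition("@")[2].lower()

def campaign_traits(raw):
    """Return the campaign traits matched by one raw RFC 5322 message."""
    msg = message_from_string(raw)
    hits = []
    subj = SUBJECT_RE.match((msg.get("Subject") or "").strip())
    if subj:
        hits.append("subject")
    names = [part.get_filename() or "" for part in msg.walk()]
    att = next((m for m in map(ATTACH_RE.match, names) if m), None)
    if att:
        hits.append("attachment")
    if subj and att and subj.group(1) == att.group(1):
        hits.append("subject_matches_attachment")
    sender = domain(parseaddr(msg.get("From", ""))[1])
    rcpts = {domain(a) for _, a in getaddresses(msg.get_all("To", []))}
    if sender and sender in rcpts:
        hits.append("sender_in_recipient_domain")
    return hits
```

The `sender_in_recipient_domain` trait also matches ordinary internal mail, so it is only useful in combination with the subject and attachment traits.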