Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2017-08-03: #GlobeImposter email phishing campaign "IMG_xxxx.BMP"
- Samples: 701
- Email sample:
- -----------------------------------------------------------------------------------------------------------------------
- From: celeste tessequeau <celesteIAJtessequeau@gmail.com>
- To: [REDACTED]
- Subject: IMG_0566.BMP
- Date: Thu, 03 Aug 2017 16:24:25 +0530
- Attachment: IMG_0566.zip -> IMG_1478.js
- -----------------------------------------------------------------------------------------------------------------------
- - sender is <random>@gmail.com
- - subject is "IMG_<4 digits>.<BMP|PDF|JPEG|JPG|GIF>
- - email body is empty
- - attached file "IMG_<4 digits>.zip" contains file "IMG_<4 digits>.js", a JSsript downloader which will download malware from:
- Download sites (URL contains suffix ??<random>=<random> which does not influence download):
- http://amaiba.com/87wefhi
- http://attilabalogh.com/87wefhi
- http://azlinshaharbi.com/87wefhi
- http://coryrussellcoaching.com/87wefhi
- http://eco-bricks.com/87wefhi
- http://flooringforyou.co.uk/87wefhi
- http://gandeel-trading.com/87wefhi
- http://henweekendsbirmingham.co.uk/87wefhi
- http://iida-sevensuns.com/87wefhi
- http://jaysonmorrison.com/87wefhi
- http://rollingmeadowsmassage.com/87wefhi
- http://sstsjv.com/87wefhi
- http://tasgetiren.com/87wefhi
- http://vangoframer.com/87wefhi
- http://wendybull.com.au/87wefhi
- http://wir.hebammen.at/87wefhi
- http://wskrescue.com/87wefhi
- http://xlrqradio.com/87wefhi
- Malware:
- - SHA256 acde107852738491b5b9f4c47b2b7bd7627e4ae71a57a24b5757cec13ada321c, MD5 1a16f375e18a096b34104401ad8fff58
- - VT: https://www.virustotal.com/en/file/acde107852738491b5b9f4c47b2b7bd7627e4ae71a57a24b5757cec13ada321c/analysis/1501757950/
- - HA: https://www.reverse.it/sample/acde107852738491b5b9f4c47b2b7bd7627e4ae71a57a24b5757cec13ada321c?environmentId=100
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement