Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2017-05-24: #jaff email phishing campaign
- Download sites:
- http://benimkecim.com/TrfHn4
- http://better57toiuydof.net/af/TrfHn4
- http://bionorica.md/TrfHn4
- http://blackstoneconsultants.com/TrfHn4
- http://danthegreat.athost.net/TrfHn4
- http://derossigroup.it/TrfHn4
- http://dianagaertner.com/TrfHn4
- http://dreamybean.de/TrfHn4
- http://duktigaflickor.se/TrfHn4
- http://enseling-gmbh.de/TrfHn4
- http://enzler-elektro.ch/TrfHn4
- http://facecapsule.com/TrfHn4
- http://holidayhops.com/TrfHn4
- http://hunter.cz/TrfHn4
- http://operadorapuma.com/TrfHn4
- http://orchideus.cz/TrfHn4
- http://pepmata.com/TrfHn4
- http://pixshoot.com/TrfHn4
- http://rejtjel.hu/TrfHn4
- http://tropicalcoffeebreak.com/TrfHn4
- http://vipmarketing.co.il/TrfHn4
- http://vsflot.ru/TrfHn4
- http://youtoolgrabeertorse.org/af/TrfHn4
- Malware:
- - encoded on download SHA256 ba7952ae07b41d049ad82674aeffbd43a5079f1db10a941db6545490c6c386bd, MD5 9585bc2d5d63b189bf8455d2e05cfb5e
- - decode by XORing the data with key 6WLms4bGcHU5iDixvWv6Wmuql3ILxV8S
- - decoded SHA256 2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569, MD5 fc8c82354bbc40f2662d577863c6b20f
- - sample https://www.virustotal.com/en/file/2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569/analysis/1495712694/
- https://www.reverse.it/sample/2cc1d8edc318e0e09aad6afbc48999980f8e39e54734bca4c1a95c7b5db39569?environmentId=100
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
