Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2017-07-27: #TrickBot email phishing campaign "Documents from xxxxxxxx"
- Stage2 download sites:
- http://baravellis.com/16
- http://florerialosjasminez.com/3
- http://morgoo.es/14
- http://urachart.com/27
- http://domnickhunterrl.com/34
- http://2arquitectura.es/2
- Malware download sites:
- http://2mconf.com/fgh43g4234
- http://2-wave.com/fgh43g4234
- http://9ninewright.net/fgh43g4234
- http://aafkescreaties.nl/fgh43g4234
- http://abstonework.ca/fgh43g4234
- http://actt.gr/fgh43g4234
- http://adr-werbetechnik.de/fgh43g4234
- http://a-g.cc/fgh43g4234
- http://allmumsaid.com.au/fgh43g4234
- http://cantalooplingerie.co.uk/fgh43g4234
- http://carcompanysolutions.be/fgh43g4234
- http://caribbeanartproducts.com/fgh43g4234
- http://carnepregiata.com/fgh43g4234
- http://castillodepalazuelos.es/fgh43g4234
- http://catterydelacanaille.be/fgh43g4234
- http://cdvhr.org/fgh43g4234
- http://somersetautotints.co.uk/fgh43g4234
- Malware:
- - encoded on download, SHA256 32a456d9993cda3f4c2fe22b06d7032f0a412ebbb4852478ecfc72174fde8521, MD5 04c500e322446814404a87b23130dc17
- - decode by XORing with "F00LJY67NQbT9PRIveMcxU1TWUHH407P"
- - decoded SHA256 7e8df24fe85b141e52bbce3a809b284337455f6e09b205ce7b4992e1b507611b, MD5 f9601665b4811d98ab7ac17a78314ed8
- - VT: https://www.virustotal.com/en/file/7e8df24fe85b141e52bbce3a809b284337455f6e09b205ce7b4992e1b507611b/analysis/1501166816/
- - HA: https://www.reverse.it/sample/7e8df24fe85b141e52bbce3a809b284337455f6e09b205ce7b4992e1b507611b?environmentId=100
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement