2017-08-03 GlobeImposter "IMG_xxxx.BMP"

Racco42, Aug 4th, 2017 (edited)
2017-08-03: #GlobeImposter email phishing campaign "IMG_xxxx.BMP"
Samples: 1376

Email sample:
-----------------------------------------------------------------------------------------------------------------------
From: bridgett pugh <bridgettsZpugh@gmail.com>
To: [REDACTED]
Subject: IMG_9835.PDF
Date: Fri, 04 Aug 2017 00:59:47 -0700

Attachment: IMG_9835.zip -> IMG_2278.js
-----------------------------------------------------------------------------------------------------------------------
- sender is <random>@gmail.com
- subject is "IMG_<4 digits>.<BMP|PDF|JPEG|JPG|GIF>"
- email body is empty
- attached file "IMG_<4 digits>.zip" contains file "IMG_<4 digits>.js", a JScript downloader which will download malware from:

Download sites (URL contains suffix ??<random>=<random> which does not influence download):

Malware:
- SHA256 228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345, MD5 ba3585645822f5656dc3197acb88bdd7
- VT: https://www.virustotal.com/en/file/228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345/analysis/
- HA: https://www.reverse.it/sample/228b6531f211ef09eef0c3d573636849bdd5751494b371cc750d33275949a345?environmentId=100
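
Added example (not part of the original paste): a Python check that scores one raw message against the four email traits listed above (gmail.com sender, IMG_<4 digits> subject, empty body, zip holding an IMG_<4 digits>.js). The function names, the placeholder addresses and the constructed sample message are assumptions made for this example; archive members are only listed by name, never extracted.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns taken from the traits listed in the paste.
SUBJECT_RE = re.compile(r"IMG_\d{4}\.(BMP|PDF|JPEG|JPG|GIF)", re.I)
ZIP_RE = re.compile(r"IMG_\d{4}\.zip", re.I)
JS_RE = re.compile(r"IMG_\d{4}\.js", re.I)

def zip_has_campaign_js(data: bytes) -> bool:
    """True if the archive lists a member named IMG_<4 digits>.js."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(JS_RE.fullmatch(n.rsplit("/", 1)[-1]) for n in zf.namelist())
    except zipfile.BadZipFile:
        return False

def campaign_traits(raw: bytes) -> dict:
    """Evaluate the four traits against one raw RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    zips = [a for a in msg.iter_attachments()
            if ZIP_RE.fullmatch(a.get_filename() or "")]
    return {
        "gmail_sender": parseaddr(str(msg["From"]))[1].lower().endswith("@gmail.com"),
        "subject": bool(SUBJECT_RE.fullmatch(str(msg["Subject"] or "").strip())),
        "empty_body": body is None or not body.get_content().strip(),
        "zip_with_js": any(zip_has_campaign_js(a.get_content()) for a in zips),
    }

def is_campaign_match(raw: bytes) -> bool:
    return all(campaign_traits(raw).values())

def build_sample(subject="IMG_9835.PDF", member="IMG_2278.js", body="\n") -> bytes:
    """Constructed test message; the .js member holds only a harmless comment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// placeholder, not the real downloader\n")
    msg = EmailMessage()
    msg["From"] = "sample sender <placeholder@gmail.com>"  # constructed address
    msg["To"] = "recipient@example.com"                    # constructed address
    msg["Subject"] = subject
    msg.set_content(body)
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="IMG_9835.zip")
    return msg.as_bytes()
```

Each trait is weak on its own (any Gmail user can send a photo named IMG_1234.JPG), so is_campaign_match requires all four together; campaign_traits returns the individual results for triage.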