- 2017-09-27: #locky email phishing campaign "Scanned image from MX-2600N"
- Email sample:
- ---------------------------------------------------------------------------------------------------------------------
- From: <noreply@[REDACTED]>
- To: [REDACTED]
- Subject: Scanned image from MX-2600N
- Date: Wed, 27 Sep 2017 13:15:45 -0200
- Reply to: noreply@[REDACTED]
- Device Name: Not Set
- Device Model: MX-2600N
- Location: Not Set
- File Format: Adobe Acrobat Reader
- Resolution: 200dpi x 200dpi
- Attached file is scanned image in PDF format.
- Document password:
- Creation date: Wed, 27 Sep 2017 13:15:45 -0200
- Attachment: 20170927_572305.7z -> 20170927_386780.vbs
- ---------------------------------------------------------------------------------------------------------------------
- - sender address is forged to appear to come from the recipient's own domain, <noreply@[recipient's domain]>
- - subject is "Scanned image from MX-2600N"
- - attached file "20170927_<6 digits>.7z" contains "20170927_<6 digits>.vbs", a VBScript downloader that fetches the malware from:
- Download sites:
- http://aeaccting.com/d8743fgh
- http://asecontrids.com/d8743fgh
- http://ashapeforlife.com/d8743fgh
- http://ashtontan.com/d8743fgh
- http://avsaroglubisiklet.com/d8743fgh
- http://bhs-news.com/d8743fgh
- http://borcom.de/d8743fgh
- http://bosphorustekneleri.com/d8743fgh
- http://consultingfranquean.com/d8743fgh
- http://cortaestanciapolanco.com/d8743fgh
- http://crna-macka.com/d8743fgh
- http://dic-astra.com/d8743fgh
- http://gug-gummi.com/d8743fgh
- http://poemsan.info/p66/d8743fgh
- http://www.fasching-hallbergmoos.de/d8743fgh
- Malware:
- - locky, offline .ykcol variant
- - SHA256: 3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c, MD5: dd4d46b9612efc391469bba8553358b6
- - VT: https://www.virustotal.com/en/file/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c/analysis/1506531139/
- - HA: https://www.hybrid-analysis.com/sample/3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c?environmentId=100
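The indicators above (forged noreply@<recipient domain> sender, fixed subject, "20170927_<6 digits>.7z" attachment, the list of download URLs) can be turned into a mail-gateway check. The script below is an added example written for this note, not part of the original paste or of any vendor tool; it uses only the Python standard library, runs against a constructed sample message embedded inline, and additionally matches any URL ending in the path "/d8743fgh" on any host, which is an assumption drawn from the fact that every listed download site shares that path.

```python
import email
import hashlib
import re
from email import policy
from email.utils import parseaddr

# Indicators copied from the campaign notes above.
CAMPAIGN_SUBJECT = "Scanned image from MX-2600N"
ARCHIVE_NAME_RE = re.compile(r"^20170927_\d{6}\.7z$", re.IGNORECASE)
SCRIPT_NAME_RE = re.compile(r"^20170927_\d{6}\.vbs$", re.IGNORECASE)
DOWNLOAD_URLS = {
    "http://aeaccting.com/d8743fgh",
    "http://asecontrids.com/d8743fgh",
    "http://ashapeforlife.com/d8743fgh",
    "http://ashtontan.com/d8743fgh",
    "http://avsaroglubisiklet.com/d8743fgh",
    "http://bhs-news.com/d8743fgh",
    "http://borcom.de/d8743fgh",
    "http://bosphorustekneleri.com/d8743fgh",
    "http://consultingfranquean.com/d8743fgh",
    "http://cortaestanciapolanco.com/d8743fgh",
    "http://crna-macka.com/d8743fgh",
    "http://dic-astra.com/d8743fgh",
    "http://gug-gummi.com/d8743fgh",
    "http://poemsan.info/p66/d8743fgh",
    "http://www.fasching-hallbergmoos.de/d8743fgh",
}
PAYLOAD_SHA256 = "3e55a7a405e4c4e4ad6d19296ac512d6c32441d5a65419cd116faa672b11963c"
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"  # standard 7z file signature


def _address(header):
    """Return (local_part, domain) of the first address in a header, lowercased."""
    _, addr = parseaddr(str(header or ""))
    local, _, domain = addr.lower().rpartition("@")
    return local, domain


def url_is_campaign(url):
    """Exact match against the listed download sites, plus a looser match on the
    shared path '/d8743fgh' on any host (assumption: the campaign reused one path)."""
    url = url.strip()
    if url in DOWNLOAD_URLS:
        return True
    return re.fullmatch(r"https?://[^/\s]+(?:/[^\s]*)?/d8743fgh", url) is not None


def payload_is_known(data):
    """True if a downloaded file hashes to the Locky sample listed above."""
    return hashlib.sha256(data).hexdigest() == PAYLOAD_SHA256


def check_message(raw):
    """Return the list of campaign indicators that a raw RFC 822 message matches."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    from_local, from_domain = _address(msg.get("From"))
    _, to_domain = _address(msg.get("To"))
    # Forged sender: noreply@ in the recipient's own domain.
    if from_domain and from_domain == to_domain and from_local == "noreply":
        hits.append("sender forged as noreply@<recipient domain>")
    if (msg.get("Subject") or "").strip() == CAMPAIGN_SUBJECT:
        hits.append("campaign subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ARCHIVE_NAME_RE.match(name):
            hits.append("campaign attachment name: " + name)
            data = part.get_payload(decode=True) or b""
            # Confirm the attachment really is a 7z archive, not just named like one.
            if data.startswith(SEVENZIP_MAGIC):
                hits.append("attachment is a real 7z archive")
    return hits


# Constructed sample mirroring the headers shown in the note; the base64 body is
# only the 7z signature plus two bytes, not a real archive.
SAMPLE_PHISH = """\
From: <noreply@example.org>
To: <someone@example.org>
Subject: Scanned image from MX-2600N
Date: Wed, 27 Sep 2017 13:15:45 -0200
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="us-ascii"

Attached file is scanned image in PDF format.
--BOUNDARY
Content-Type: application/x-7z-compressed; name="20170927_572305.7z"
Content-Disposition: attachment; filename="20170927_572305.7z"
Content-Transfer-Encoding: base64

N3q8ryccAAQ=
--BOUNDARY--
"""

# Constructed benign message for comparison.
SAMPLE_BENIGN = """\
From: <alice@example.com>
To: <someone@example.org>
Subject: lunch tomorrow?
Content-Type: text/plain; charset="us-ascii"

See you at noon.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(label, check_message(raw))
```

The sender check only fires when the forged address is in the recipient's own domain, which is the page's observation; an SPF or DMARC failure on that domain would be the corroborating signal at a real gateway. The "/d8743fgh on any host" match will also catch hosts that were not in the list at the time of writing, at the cost of matching any unrelated site that happens to serve that path.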