2017-06-09 Jaff

Racco42, Jun 9th, 2017 (edited)
2017-06-09: #jaff f'ked up email phishing campaign with no subject

Download sites:

Malware:
- encoded on download, SHA256 fe492d54d6d9909c97e9556d0e6c2ff46b235cdd0082679683b8ad2459b3062c, MD5 a810aa0c0f88929f805056a2b75956c4
- decode by XORing with eN1bHc7u81KiYVNxi9WIBVPJkeA6W7eE
- decoded malware SHA256 0a52c5de20a7baa231579ceb7b430ecff1b046b58bd156dcc1fee22c89f65324, MD5 a6be6ea02acd9138578cae3ef408cbe7
- VT: https://www.virustotal.com/en/file/0a52c5de20a7baa231579ceb7b430ecff1b046b58bd156dcc1fee22c89f65324/analysis/1496997095/
- HA: https://www.reverse.it/sample/0a52c5de20a7baa231579ceb7b430ecff1b046b58bd156dcc1fee22c89f65324?environmentId=100

C2: http://brookstecholiggronm.net/a5/
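
Added example, not part of the original paste: an analyst-side sketch of the "decode by XORing" step that also checks a captured blob against the SHA256 values listed under Malware. It assumes the key is applied as a repeating-key XOR over the whole file and that the decoded payload is a Windows PE (starts with "MZ"); the function names and the sample blob are made up for illustration.

```python
import hashlib

# Values quoted in the paste above.
XOR_KEY = b"eN1bHc7u81KiYVNxi9WIBVPJkeA6W7eE"
ENCODED_SHA256 = "fe492d54d6d9909c97e9556d0e6c2ff46b235cdd0082679683b8ad2459b3062c"
DECODED_SHA256 = "0a52c5de20a7baa231579ceb7b430ecff1b046b58bd156dcc1fee22c89f65324"


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """XOR data with key, cycling the key over the buffer (assumed scheme)."""
    if not key:
        raise ValueError("empty key")
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def decode_download(blob: bytes, key: bytes = XOR_KEY) -> dict:
    """Decode a captured blob and compare both stages with the paste's hashes."""
    decoded = xor_repeating(blob, key)
    return {
        # True only if the blob is the exact encoded file the paste describes.
        "encoded_sha256_matches": hashlib.sha256(blob).hexdigest() == ENCODED_SHA256,
        # True only if decoding produced the exact payload the paste describes.
        "decoded_sha256_matches": hashlib.sha256(decoded).hexdigest() == DECODED_SHA256,
        # Assumption: the payload is a PE file, so a correct decode starts with MZ.
        "looks_like_pe": decoded[:2] == b"MZ",
        "decoded": decoded,
    }


# Constructed, benign stand-in for a captured blob: a fake "MZ" stub with
# zero padding, XORed with the key. It is not the real sample.
SAMPLE_PLAIN = b"MZ" + bytes(62) + b"constructed test payload, not malware"
SAMPLE_BLOB = xor_repeating(SAMPLE_PLAIN, XOR_KEY)

if __name__ == "__main__":
    result = decode_download(SAMPLE_BLOB)
    for name in ("encoded_sha256_matches", "decoded_sha256_matches", "looks_like_pe"):
        print(name, result[name])
    # Zero bytes in the plaintext leave the key readable in the encoded blob,
    # which is worth knowing when writing network or file signatures.
    print(SAMPLE_BLOB[2:34])
```

A hash mismatch on both stages together with a valid "MZ" header usually means the blob is a different build served with the same key, so treat it as a new sample rather than a failed decode.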