ExecuteMalware

Untitled

Aug 30th, 2018
Some payload URLs pulled from Emotet Word documents.

Method:
1. oledump.py -s 16 -v OutstandingInvoice.doc | re-search.py -n str-eu | sets.py join ""
2. From the resulting script, remove the ^ symbols (DOSfuscation).
3. Copy the base64 string from the script produced in step 2 into CyberChef (https://gchq.github.io/CyberChef).
4. Apply the recipes in the following order:
   Reverse
   From Base64
   Decode Text - Select UTF16LE (1200)
   Split (Split Delimiter = @ / Join Delimiter = \n)
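
Steps 2 to 4 of the method above, reproduced offline in Python as an added example that is not part of the original paste. The sample input is constructed, uses reserved .example hostnames and does not mirror the layout of a real document's script; all function names are hypothetical.

```python
import base64
import re

# Constructed sample data (not from a real document); .example names are reserved.
SAMPLE_URLS = ["http://one.example/a", "http://two.example/b", "http://three.example/c"]
SAMPLE_PLAIN = "list='" + "@".join(SAMPLE_URLS) + "';"


def build_sample() -> str:
    """Constructed stand-in for the step 1 output: reversed base64 of UTF-16LE text, with carets."""
    blob = base64.b64encode(SAMPLE_PLAIN.encode("utf-16-le")).decode("ascii")[::-1]
    line = "cmd /c echo " + blob
    return "^".join(line[i:i + 7] for i in range(0, len(line), 7))


def strip_carets(text: str) -> str:
    """Step 2: drop the ^ characters inserted into the script text."""
    return text.replace("^", "")


def find_blob(text: str) -> str:
    """Step 3: pick the longest base64-looking run out of the cleaned script."""
    runs = re.findall(r"[A-Za-z0-9+/=]{40,}", text)
    if not runs:
        raise ValueError("no base64 run of 40+ characters found")
    return max(runs, key=len)


def decode_blob(blob: str) -> str:
    """Step 4: Reverse, From Base64, Decode Text as UTF-16LE (in that order)."""
    raw = base64.b64decode(blob[::-1], validate=True)
    return raw.decode("utf-16-le")


def split_urls(script: str) -> list[str]:
    """Step 4: Split on @, then keep only the URL part of each piece."""
    urls = []
    for piece in script.split("@"):
        match = re.search(r"https?://[^\s'\"]+", piece)
        if match:
            urls.append(match.group(0))
    return urls


def extract_urls(obfuscated: str) -> list[str]:
    return split_urls(decode_blob(find_blob(strip_carets(obfuscated))))


if __name__ == "__main__":
    print("\n".join(extract_urls(build_sample())))
```
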

EMOTET PAYLOAD URLS