
2019-05-28 - EXAMPLE OF EMOTET MALSPAM (1 OF 2)

malware_traffic, May 29th, 2019 (edited)
X-Originating-Ip: [198.54.122.58]
Authentication-Results: [removed]; iprev=pass policy.iprev="198.54.122.58"; spf=pass smtp.mailfrom="rohitha@amadili.info" smtp.helo="mta-08-4.privateemail.com"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=amadili.info
Received: from [198.54.122.58] ([198.54.122.58:17952] helo=MTA-08-4.privateemail.com)
    by [removed] (envelope-from <rohitha@amadili.info>) [removed];
    (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384
    Tue, 28 May 2019 15:38:07 -0400
Received: from MTA-08.privateemail.com (localhost [127.0.0.1])
    by MTA-08.privateemail.com (Postfix) with ESMTP id 115CE60052
    for <admin@malware-traffic-analysis.net>; mtTue, 28 May 2019 15:38:06 -0400 (EDT)
Message-ID: <96.33.17482.E1E8DEC5@[removed]>
Received: from [67.241.81.253] (unknown [10.20.151.202])
    by MTA-08.privateemail.com (Postfix) with SMTP id B79716003E
    for <admin@malware-traffic-analysis.net>; Tue, 28 May 2019 19:38:05 +0000 (UTC)
Date: Tue, 28 May 2019 15:38:05 -0500
From: "Melinda O'Toole" <rohitha@amadili.info>
To: "admin@malware-traffic-analysis.net" <admin@malware-traffic-analysis.net>
Subject: Re: Re: Meeting on Wednesday
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_Part_58531_2086082376.157401729929786382"

------=_Part_58531_2086082376.157401729929786382
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Hello, please find attached remittance advice for our recent payment to you=
=20

If you have questions on this please contact Melinda O'Toole for more infor=
mation.

Thank you for your business - we appreciate it very much.

=0DMelinda O'Toole=0DYahoo


=0D----Original Message-----=0DMelinda,

Brad should answer this soon.  We think he=E2=80=99s still on for it.

Sincerely,

The admin team

> On Mar 14, 2019, at 10:06 AM, Melinda O'Toole <autumn.solerno@yahoo.com> =
wrote:
>=20
> Brad,
>=20
> Are we still up for the marketing meeting this coming Wednesday at 10:30 =
AM?
> We need to resolve these issues, as you well know.  Thanks in advance for=

> any help in this matter.
>=20
> Regards,
>=20
> Melinda O'Toole
>=20

------=_Part_58531_2086082376.157401729929786382
Content-Type: application/msword; name="INF 664058691 F9210.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="INF 664058691 F9210.doc"


[data removed, SHA256 hash of attached file: 97072297e1abb4f5320b98fda94b6c44d090fc6f626f2d0a5684055ec24a617c, available at: https://app.any.run/tasks/d318e3dd-01b2-40a7-bf8f-cea0a11c0aad/]

------=_Part_58531_2086082376.157401729929786382--