- 2017-07-21: #TrickBot email phishing campaign "Voice Message Attached from NNNNNNNNNNN - name unavailable"
- -------------------------------------------------------------------------------------------------------------
- From: <vm@unlimitedhorizon.co.uk>
- To: [REDACTED]
- Subject: Voice Message Attached from 01258898588 - name unavailable
- Date: Fri, 21 Jul 2017 09:58:01 -0200
- Time: 21-Jul-2017 10:15:23
- Click attachment to listen to Voice Message
- Attachment: 01258898588_1020422_553798.zip
- -------------------------------------------------------------------------------------------------------------
- - sender is vm@unlimitedhorizon.co.uk
- - subject is "Voice Message Attached from <11 digits> - name unavailable"
- - attached file "<11 digits>_<7 digits>_<6 digits>.zip" contains file "<11 digits>_<7 digits>_<6 digits>.wsf", which will download another downloader from:
- Download sites, stage1
- The downloaded file is an MSHTA file with an embedded VBScript script that will download malware from:
- Download sites, malware:
- http://aprendersalsa.com/nhg67r
- http://artegraf.org/nhg67r
- http://asheardontheradiogreens.com/nhg67r
- http://asuntomaailma.com/nhg67r
- Malware:
- - encoded on download, SHA256 1e2fa559dda59ddc5136aef1fef1ba4dc7eae952fd1a4c22a6e1fbd127c98987, MD5 7e66515f482f756343182262ded57516
- - decode by XORing with XNgLF7ImvxpibFPLuwhGK8ZXfBCO3q68
- - decoded SHA256 2c700512154df2924c8cdd22bce7d961e07a5317fcd3a969e94ec4eb14b4ffa4, MD5 58578c7b40de85473fa3ed61a8325531
- - VT: https://www.virustotal.com/file/2c700512154df2924c8cdd22bce7d961e07a5317fcd3a969e94ec4eb14b4ffa4/analysis/
- - HA: https://www.reverse.it/sample/2c700512154df2924c8cdd22bce7d961e07a5317fcd3a969e94ec4eb14b4ffa4?environmentId=100
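The sender, subject and attachment-name patterns listed above can be checked against a raw message at a mail gateway or in a mailbox sweep. The following is an added example, not part of the original paste: the function names `match_indicators` and `build_sample`, the recipient address and the placeholder ZIP bytes are assumptions, and the test message is constructed from the header values quoted in the paste.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Indicators taken from the campaign description in the paste.
SENDER = "vm@unlimitedhorizon.co.uk"
SUBJECT_RE = re.compile(r"^Voice Message Attached from \d{11} - name unavailable$")
ATTACH_RE = re.compile(r"^\d{11}_\d{7}_\d{6}\.zip$")


def match_indicators(raw):
    """Return which of the campaign indicators a raw RFC 5322 message matches."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    # Compare only the address part so display names do not matter.
    if parseaddr(str(msg.get("From", "")))[1].lower() == SENDER:
        hits.append("sender")
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        hits.append("subject")
    # Walk every MIME part; the pattern applies to the attachment file name.
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACH_RE.match(name.strip()):
            hits.append("attachment")
            break
    return hits


def build_sample(sender, subject, filename):
    """Build a constructed test message (hypothetical helper, harmless payload)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "user@example.org"  # constructed recipient
    m["Subject"] = subject
    m.set_content("Click attachment to listen to Voice Message")
    # Placeholder bytes: an empty ZIP archive (end-of-central-directory only).
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m.as_string()


if __name__ == "__main__":
    sample = build_sample(SENDER,
                          "Voice Message Attached from 01258898588 - name unavailable",
                          "01258898588_1020422_553798.zip")
    print(match_indicators(sample))
```

The sender address is the weakest of the three indicators because it is trivially changed between runs; the attachment-name pattern alone is worth alerting on.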