API tools faq
paste
Advertisement
Racco42

Locky "Copy"

Racco42
Sep 6th, 2016
1,714
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.23 KB | None | 0 0
raw download clone embed print report
  1. 2016-09-06 #locky phishing email campaign "Copy"
  2.  
  3. Email sample:
  4. -----------------------------------------------------------------------------------------------------
  5. Subject: Copy
  6. To: Recipients <djijujpok@racco.cz>
  7. From: "Dana parkin" <Dana639@racco.cz>
  8.  
  9. -----------------------------------------------------------------------------------------------------
  10. Attached file "payment slip <random_number>.zip" contains file "<random_number>.js"; however, the file is .hta file so it refuses to run. Othewise it would download malware from:
  11.  
  12. Download sites (actual URLs contain ?<random>=<random> suffix, which has no impact on download):
  13. http://conserpa.vtrbandaancha.net/8976fyvgg
  14. http://daedalus.dommel.be/8976fyvgg
  15. http://dussartconsulting.com/8976fyvgg
  16. http://iesjaumei.edu.gva.es/8976fyvgg
  17. http://immobilien1000.de/8976fyvgg
  18. http://knochem.samsu.ru/8976fyvgg
  19. http://maxshoppppsr.biz/js/8976fyvgg
  20. http://propaganda.nichost.ru/8976fyvgg
  21. http://www.apmmc.it/8976fyvgg
  22. http://www.assonet.org/8976fyvgg
  23. http://www.caminettilcd.it/8976fyvgg
  24. http://www.carloabati.com/8976fyvgg
  25. http://www.csm94.org/8976fyvgg
  26. http://www.dondana.com/8976fyvgg
  27. http://www.francescafraioli.it/8976fyvgg
  28. http://www.hotelancorariviera.com/8976fyvgg
  29. http://www.ieslamerced.es/8976fyvgg
  30. http://www.leprimodels.it/8976fyvgg
  31. http://www.mussystems.net/8976fyvgg
  32. http://www.saumi.jazztel.es/8976fyvgg
  33. http://www.ussanlorenzo.it/8976fyvgg
  34. http://www.vanhoenacker.net/8976fyvgg
  35.  
  36. Malware:
  37. Syntax error:
  38. https://www.reverse.it/sample/b9f15b930523ce2b6a61c51a764de2d2131d329034c63cfc79ba0eb377bf5de6?environmentId=100
  39. https://www.reverse.it/sample/85b2d4cfd4c19f018f00d5c563e3b6b3caa4bf2943494d15196811fa0942244c?environmentId=100
  40. https://www.reverse.it/sample/8cf5cca2095a1d675808a0c752bb2cfb20452e9ddb4250132614e7de76c14e57?environmentId=100
  41. https://www.reverse.it/sample/19f9608c0c21cac3bf74c6c9536d021a6049877b1c6cfc8fcdd1b6750269b65b?environmentId=100
  42.  
  43. Fixed:
  44. https://www.reverse.it/sample/d95bc7a8be93c6c77914ea9229d4725422565d44df60e7818bd91085ca37f07b?environmentId=100
  45. https://www.reverse.it/sample/e439b075c2474591ec726b273dff243fd78fa6e7c075e68fdcb97bbd5771b6ae?environmentId=100
  46.  
  47. decoded: SHA256 0f8163088cccb33ad415bd19b06aebe4cb26459c9529d455b01278e2b8f2fe75
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!