- 2020-09-15 - BAZARLOADER MALWARE FROM GOOGLE DOCS PAGE
- REFERENCE:
- - https://twitter.com/malware_traffic/status/1305970293253574661
- NOTE:
- - A link to this Google Docs page was likely sent through malspam.
- GOOGLE DOCS URL FOR DOWNLOAD PAGE:
- - hxxps://docs.google[.]com/document/d/e/2PACX-1vT-goZJung2xJeUM9yzqTqRV8oSbrbFaGr23IwyInIPyNL7HUBBetwB7y5FQehfNU_mg1wWHhP2ceeT/pub
- EXAMPLES OF URLS FROM THE DOWNLOAD PAGE:
- - hxxps://www.google[.]com/url?q=hxxps://unitedyfl[.]com/Print_Preview.exe&sa=D&ust=1600182579826000&usg=AOvVaw2eIp2TcrA_2xIkQMxOmL74
- - hxxps://www.google[.]com/url?q=hxxps://rayanat[.]com/Print_Preview.exe&sa=D&ust=1600194315747000&usg=AOvVaw30078SJ1v2wGq_FLGpEAbf
- - hxxps://www.google[.]com/url?q=hxxps://calacatta[.]com/Preview.exe&sa=D&ust=1600203326242000&usg=AOvVaw1BN3mdAtVWqS3An8X-Vy9L
- BAZARLOADER SAMPLES:
- - SHA256 hash: 34cc67888cd38da7aeb52508b48ad71287c402aecb72bccca7cbd3a0cd8fe985
- - File size: 257,208 bytes
- - File location: hxxps://unitedyfl[.]com/Print_Preview.exe
- - Sandbox analysis: https://app.any.run/tasks/975fb69c-b5eb-49c7-8d8f-332d34b6f46b/
- - SHA256 hash: 09557d538aee094d168a4b4fb5174d742fe81dd59dd27e2eee078fb3f10d9017
- - File size: 582,840 bytes
- - File location: hxxps://rayanat[.]com/Print_Preview[.]exe
- - Sandbox analysis: https://app.any.run/tasks/d0b1de23-ac5a-4274-afa0-4066fcb51844/
- - SHA256 hash: 18fe9ceab0a17ddc71f7b7a206c1c127d62a0a86c62573b8c018ab562da1fd6e
- - File size: 257,208 bytes
- - File location: hxxps://calacatta[.]com/Preview.exe
- - Sandbox analysis: https://app.any.run/tasks/b21c7dbe-7a74-48d3-9762-874c3c80c9e0/