- https://twitter.com/DynamicAnalysis/status/1257369145177526272?s=20
- ZLoader malspam (with .xlsm attachments) coming from AOL addresses on 05/04/20. Downloader URLs included:
- http://theislandmen.com/wp-smart.php
- http://shetkarimarket.com/wp-snapshots/tmp/wp-smart.php
- Both redirect to ZLoader DLL at:
- http://visadvise.com/cgi-bin/s2dhfwe.php
- Active C2s from the sample on this date:
- https://rswtgmhf.pw/wp-config.php (resolved to 47.241.108.179 on this date)
- https://fwgdhdln.icu/wp-config.php (resolved to 8.208.3.130 on this date)
- https://pwnuuhiikmjmkrjeyuxr.com/post.php (active DGA domain resolved to 5.53.124.144 on this date)
- Full list of DGAs:
- .xlsm sample:
- https://app.any.run/tasks/19abc6bd-1595-42e8-8359-2ec5d93d245e/
- ZLoader sample:
- https://www.virustotal.com/gui/file/53283e084e43c993b12db2affe159525c6e203657e4f69d989499308ab302f52/detection