2019-08-26 Amadey/Hancitor

1. 13c726dca03799a4d97a114acdb857abad19c063bb0410db7c5ea6d553f822f5 16387592478.vbs
2. b0410db7c5ea6d553f822f5 (GET)
3. ********************************************************************************
4. * Information for 13c726dca03799a4d97a114acdb857abad19c063bb0410db7c5ea6d553f822f5
5. * Observable type: hash.sha256 (Auto-detected: True)
6. ********************************************************************************
7. Not seeing what you expect? Likely not a valid site. Try running with --list-sites
8.  
9. [+] VirusTotal File Report Results
10. [-] Date submitted: 2019-08-26 13:33:19
11. [-] Detected engines: 15
12. [-] Total engines: 56
13. [-] Scans: ('F-Prot', 'VBS/Agent[.]TO')
14. [-] Scans: ('Symantec', 'JS[.]Dropper')
15. [-] Scans: ('Kaspersky', 'Trojan-Dropper.VBS[.]Agent[.]mi')
16. [-] Scans: ('Rising', 'Trojan[.]Obfus/VBS!1[.]BB5E (CLASSIC)')
17. [-] Scans: ('Sophos', 'VBS/Drop-BHX')
18. [-] Scans: ('Comodo', 'Malware@#ghwfb6oydfsu')
19. [-] Scans: ('DrWeb', 'VBS[.]Siggen.7923')
20. [-] Scans: ('Emsisoft', 'Trojan[.]Script (A)')
21. [-] Scans: ('Cyren', 'VBS/Agent[.]TO')
22. [-] Scans: ('ZoneAlarm', 'Trojan-Dropper.VBS[.]Agent[.]mi')
23. [-] Scans: ('Microsoft', 'Trojan:VBS/Obfuse')
24. [-] Scans: ('Tencent', 'Vbs.Trojan-dropper[.]Agent[.]Amlz')
25. [-] Scans: ('Ikarus', 'Trojan[.]VBS[.]Obfuse')
26. [-] Scans: ('GData', 'Script.Trojan[.]Agent[.]RERXUM')
27. [-] Scans: ('Qihoo-360', 'virus[.]vbs[.]qexvmc.1080')
28.  
29. 36e75ea189f2f96f370bfa6296116a13d36caf46537a834889ce1241e9e813cf dh7Report_28_BIm.vbs
30. 37a834889ce1241e9e813cf (GET)
31. ********************************************************************************
32. * Information for 36e75ea189f2f96f370bfa6296116a13d36caf46537a834889ce1241e9e813cf
33. * Observable type: hash.sha256 (Auto-detected: True)
34. ********************************************************************************
35. Not seeing what you expect? Likely not a valid site. Try running with --list-sites
36.  
37. [+] VirusTotal File Report Results
38. [-] Date submitted: 2019-08-23 01:36:44
39. [-] Detected engines: 3
40. [-] Total engines: 57
41. [-] Scans: ('Cyren', 'VBS/Danabot.A[.]gen!Camelot')
42.  
43. Links from email that are still working:
44. ========================================
45. http://wanchoychili.com/testtest.wanchoychili.com/page1/
46. http://virtualteamonline.com/virtualsolutionprovider.com/page4/
47. -- Login: [email protected] Password: 35d72c1f
48. http://thegigasgroup.com/wp-admin/page1/ --> Zip file was no longer available though
49. -- Username: [email protected] Password: 258b9ebe
50.  
51. Links from email that are not working:
52. ======================================
53. http://strommashina.by/wp-admin/vp3/
54. http://tarakangroupsro.com/wp-admin/vp3/
55. http://wangjiaolian.club/wp-admin/page5/
56. http://unplasticomenos.com/wp-includes/page3/
57. http://amanda.cl/wp-admin/page3/
58. http://ywp-ng.org/cgi-bin/vp3/
59.  
60. Subjects of emails over the last 7 days from [email protected]
61. ==========================================================
62. An automatic Income tax Refund Notification
63. An automatic Tax Refund Message
64. Automated Tax Refund Reminder
65. Automated Tax Return Reminder
66. Automatic Tax Return Message
67. An automatic Tax Return Notice
68. Automatic Income tax Return Reminder
69. Automatic Tax Refund Notice
70. Automatic Tax Return Notice
71. Automatic Tax Return Reminder
72. Electronic Income tax Refund Reminder
73. Electronic Tax Refund Notification
74. Electronic Tax Return Notice
75. An automatic Income tax Return Reminder
76. An automatic Tax Refund Notice
77. An automatic Tax Return Alert
78. Automated Income tax Refund Message
79. Automated Income tax Refund Notification
80. Automated Income tax Return Notice
81. Automated Tax Refund Message
82. Automated Tax Refund Notice
83. Automated Tax Return Alert
84. Automatic Income tax Return Message
85. Automatic Tax Refund Reminder
86. Electronic Income tax Return Reminder
87. Electronic Tax Refund Alert
88. Electronic Tax Return Alert
89. An automatic Income tax Refund Alert
90. An automatic Income tax Refund Message
91. An automatic Income tax Refund Reminder
92. An automatic Income tax Return Notice
93. An automatic Income tax Return Notification
94. An automatic Tax Return Message
95. Automated Income tax Refund Alert
96. Automated Income tax Refund Notice
97. Automated Income tax Refund Reminder
98. Automated Income tax Return Alert
99. Automated Income tax Return Message
100. Automated Income tax Return Notification
101. Automated Income tax Return Reminder
102. Automated Tax Refund Alert
103. Automated Tax Refund Notification
104. Automated Tax Return Message
105. Automated Tax Return Notice
106. Automated Tax Return Notification
107. Automatic Income tax Refund Message
108. Automatic Income tax Refund Notice
109. Automatic Income tax Refund Notification
110. Automatic Income tax Refund Reminder
111. Automatic Income tax Return Notice
112. Automatic Tax Refund Alert
113. Automatic Tax Refund Message
114. Automatic Tax Return Alert
115. Automatic Tax Return Notification
116. Book top rated generic treatment products here!
117. Electronic Income tax Refund Notification
118. Electronic Income tax Return Alert
119. Electronic Income tax Return Message
120. Electronic Income tax Return Notice
121. Electronic Income tax Return Notification
122. Electronic Tax Refund Notice
123. Electronic Tax Return Notification
124.  
125. IP address of sender:
126. =====================
127. 85.214.22.84
128. https://www.abuseipdb.com/check/85.214.22.84
129. - ISP Strato AG
130. - Usage Type Data Center/Web Hosting/Transit
131. - Hostname(s) sb-konzept.de
132. - Domain Name strato.de
133. - Country Germany
134. - City Berlin, Berlin