
2017-10-02 Locky "Emailed Invoice - NNNNNN"

Racco42, Oct 2nd, 2017
2017-10-02: #locky email phishing campaign "Emailed Invoice - NNNNNN"

Email sample:
----------------------------------------------------------------------------------------------------------------------------
From: Carey Burnaby <Carey@[REDACTED]>
To: [REDACTED]
Subject: Emailed Invoice - 371744
Date: Mon, 02 Oct 2017 10:47:02 -0500

As requested

regards
Carey Burnaby

--
Carey Burnaby

Attachment: I_371744.7z -> I_538446.js
----------------------------------------------------------------------------------------------------------------------------
- sender address is forged to look like it comes from the recipient's domain
- subject is "Emailed Invoice - <6 digits>"
- attached file "I_<6 digits>.7z" contains file "I_<6 digits>.js", a JScript downloader which downloads from:

Download sites:

Malware:
- Locky, offline yckol variant
- SHA256: 02defb0346aebb019053937cff0a3ee10ee51d3396e0c065f723694554ccf447, MD5: 52bc22f77e8091bd59635d481c9512f9
- VT: https://www.virustotal.com/en/file/02defb0346aebb019053937cff0a3ee10ee51d3396e0c065f723694554ccf447/analysis/1506965734/
- HA: https://www.reverse.it/sample/02defb0346aebb019053937cff0a3ee10ee51d3396e0c065f723694554ccf447?environmentId=100
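
Added example (not part of the original paste): a mail-filter check for the three message traits listed above, using only the Python standard library. The function names, the example.org addresses and both sample messages are constructed for illustration; the check looks at the outer archive name only and does not open the .7z.

```python
import re
from email import message_from_string
from email.utils import getaddresses, parseaddr

SUBJECT_RE = re.compile(r"^Emailed Invoice - \d{6}$")
ATTACH_RE = re.compile(r"^I_\d{6}\.7z$", re.IGNORECASE)

def _domain(addr):
    """Lower-cased domain of an address, or '' when there is none."""
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def campaign_traits(raw_message):
    """Return which of the campaign traits from the notes this message shows."""
    msg = message_from_string(raw_message)
    traits = set()
    if SUBJECT_RE.match((msg.get("Subject") or "").strip()):
        traits.add("subject")
    # Filenames of all MIME parts; parts without a filename yield "".
    if any(ATTACH_RE.match(p.get_filename() or "") for p in msg.walk()):
        traits.add("attachment")
    sender = _domain(parseaddr(msg.get("From") or "")[1])
    rcpts = {_domain(a) for _, a in getaddresses(msg.get_all("To", []))}
    if sender and sender in rcpts:
        traits.add("sender_domain_matches_recipient")
    return traits

def is_suspect(raw_message):
    # Subject and attachment name are both required. The sender-domain trait
    # alone is true of ordinary internal mail, so it only adds context.
    return {"subject", "attachment"} <= campaign_traits(raw_message)

# Constructed sample shaped like the email in the paste (addresses are placeholders).
SAMPLE = (
    "From: Carey Burnaby <carey@example.org>\nTo: user@example.org\n"
    "Subject: Emailed Invoice - 371744\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nAs requested\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="I_371744.7z"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)
# Constructed benign internal message: same domain, no matching subject or file.
BENIGN = (
    "From: Pat <pat@example.org>\nTo: user@example.org\n"
    "Subject: Lunch on Friday\nContent-Type: text/plain\n\nSee you at noon\n"
)

if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        print(name, sorted(campaign_traits(raw)), is_suspect(raw))
```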