- 2017-09-20: email phishing campaign "Status of invoice A217NNNN-NN"
- Email sample:
- ---------------------------------------------------------------------------------------------------------------
- From: "Marta Scrivens" <ordering@ekml-securite.ch>
- To: [REDACTED]
- Subject: Status of invoice A2172208-39
- Date: Wed, 20 Sep 2017 11:19:03 +0300
- Hello,
- Could you please let me know the status of the attached invoice? I
- appreciate your help!
- Best regards,
- Marta Scrivens
- Tel: 206-575-6675 x 100
- Fax: 206-575-8533
- *NEW* <mailto:Ordering@ekml-securite.ch> Ordering@ekml-securite.ch
- Attachment: A2172208-39.rar -> 20080920_333407.vbs
- ---------------------------------------------------------------------------------------------------------------
- - attached file "A217<4 digits>-<2 digits>.rar" contains file "20080920_<6 digits>.vbs", a VBScript downloader
- Download sites:
- Malware:
- - Locky, offline .ykcol variant
- - SHA256: da386efced7535a1262ae9ede6988e27bdc6fca3411da14e6db02158aa37a5c9, MD5: fd365e280b5d5125d7045fd10f877e58
- - SHA256: 614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617, MD5: 051abecc907d95bac508bb5445bd55eb
- - VT: https://www.virustotal.com/en/file/da386efced7535a1262ae9ede6988e27bdc6fca3411da14e6db02158aa37a5c9/analysis/1505895881/
- - VT: https://www.virustotal.com/#/file/614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617/detection
- - HA: https://www.reverse.it/sample/da386efced7535a1262ae9ede6988e27bdc6fca3411da14e6db02158aa37a5c9?environmentId=100
- - HA: https://www.reverse.it/sample/614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617?environmentId=100