API tools faq
paste
Racco42

2017-09-20 Locky "Status of invoice A217xxx"

Racco42
Sep 20th, 2017
4,068
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.96 KB | None | 0 0
raw download clone embed print report
  1. 2017-09-20: email phishing campaign "Status of invoice A217NNNN-NN"
  2.  
  3. Email sample:
  4. ---------------------------------------------------------------------------------------------------------------
  5. From: "Marta Scrivens" <[email protected]>
  6. To: [REDACTED]
  7. Subject: Status of invoice A2172208-39
  8. Date: Wed, 20 Sep 2017 11:19:03 +0300
  9.  
  10. Hello,
  11.  
  12. Could you please let me know the status of the attached invoice? I
  13. appreciate your help!
  14.  
  15. Best regards,
  16.  
  17. Marta Scrivens
  18. Tel: 206-575-6675 x 100
  19. Fax: 206-575-8533
  20. *NEW* <mailto:[email protected]> [email protected]
  21.  
  22. Attachment: A2172208-39.rar -> 20080920_333407.vbs
  23. ---------------------------------------------------------------------------------------------------------------
  24. - attached file "A217<4 digits>-<2 digits>.rar" contains file "20080920_<6 digits>.vbs", a VBScript downloader
  25.  
  26. Download sites:
  27. http://68.171.49.151/RSkfsNR7
  28. http://digiviews.co.uk/RSkfsNR7
  29. http://hard-grooves.com/RSkfsNR7
  30. http://hellonwheelsthemovie.com/RSkfsNR7
  31. http://mariamandrioli.com/RSkfsNR7
  32. http://pyefittedfurniture.co.uk/RSkfsNR7
  33. http://rockrak.com/RSkfsNR7
  34. http://ryterorrephat.info/af/RSkfsNR7
  35. http://viwa.homelinux.com/RSkfsNR7
  36. http://wilvreeburg.nl/RSkfsNR7
  37.  
  38. Malware:
  39. - locky, offline .yclok variant
  40. - SHA256: da386efced7535a1262ae9ede6988e27bdc6fca3411da14e6db02158aa37a5c9, MD5: fd365e280b5d5125d7045fd10f877e58
  41. - SHA256: 614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617, MD5: 051abecc907d95bac508bb5445bd55eb
  42. - VT: https://www.virustotal.com/en/file/da386efced7535a1262ae9ede6988e27bdc6fca3411da14e6db02158aa37a5c9/analysis/1505895881/
  43. - VT: https://www.virustotal.com/#/file/614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617/detection
  44. - HA: https://www.reverse.it/sample/da386efced7535a1262ae9ede6988e27bdc6fca3411da14e6db02158aa37a5c9?environmentId=100
  45. - HA: https://www.reverse.it/sample/614bfea6b81f56b59bd0f2222b65b57571796245a7886a8e31be8a3ccd0e5617?environmentId=100
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!