Racco42

2017-09-18 Locky "Message from KM_C224e"

Sep 18th, 2017
2017-09-18: #locky email phishing campaign "Message from KM_C224e"

Email sample:
-------------------------------------------------------------------------------------------------------------
From: <copier@[REDACTED]>
To: [REDACTED]
Subject: Message from KM_C224e
X-Mailer: KONICA MINOLTA bizhub C224e
Date: Mon, 18 Sep 2017 14:35:03 -0500

Attachment: 20171809_12476062947.7z -> 20170918_84047158233.vbs
-------------------------------------------------------------------------------------------------------------
- sender is "copier@<recipient's domain>"
- subject is "Message from KM_C224e"
- email body is empty
- attached file "20171809_<11 digits>.7z" contains file "20170918_<11 digits>.vbs", a VBScript downloader (in the sample above the archive name carries the day/month-swapped date 20171809 while the script inside uses 20170918)
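
The lure traits listed above (sender "copier@" at the recipient's own domain, fixed subject, Konica Minolta X-Mailer, empty body, a 7z attachment named <8 digits>_<11 digits>.7z) are easy to turn into a mail-gateway triage check. The script below is an added example and is not part of the original paste; the two .eml samples in it are constructed from the header fields shown above (example.com is a placeholder domain, and the attachment bytes are only the 7z magic plus padding, not the real archive). The "flag if the attachment matches and at least three of the other four traits hold" threshold is a choice made here, not something the paste states.

```python
"""Triage check for the "Message from KM_C224e" Locky lure (added example)."""
import email
import re
from email import policy
from email.utils import parseaddr

SUBJECT = "Message from KM_C224e"
X_MAILER = "KONICA MINOLTA bizhub C224e"
# Observed attachment naming: <8 digits>_<11 digits>.7z
ATTACHMENT_RE = re.compile(r"^\d{8}_\d{11}\.7z$", re.IGNORECASE)
SEVENZIP_MAGIC = b"7z\xbc\xaf\x27\x1c"

# Constructed sample mirroring the paste's headers; example.com stands in for
# the redacted recipient domain. The 7z body is magic bytes plus zero padding.
SAMPLE_EML = b"""From: <copier@example.com>
To: victim@example.com
Subject: Message from KM_C224e
X-Mailer: KONICA MINOLTA bizhub C224e
Date: Mon, 18 Sep 2017 14:35:03 -0500
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

--b1
Content-Type: application/x-7z-compressed; name="20171809_12476062947.7z"
Content-Disposition: attachment; filename="20171809_12476062947.7z"
Content-Transfer-Encoding: base64

N3q8ryccAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=
--b1--
"""

# Constructed benign scan-to-email message: same device string and subject,
# but a real body and no 7z attachment.
BENIGN_EML = b"""From: <copier@example.com>
To: victim@example.com
Subject: Message from KM_C224e
X-Mailer: KONICA MINOLTA bizhub C224e
Content-Type: text/plain; charset="us-ascii"

Scanned document attached separately, see the print room.
"""


def _body_is_empty(msg) -> bool:
    body = msg.get_body(preferencelist=("plain", "html"))
    return body is None or body.get_content().strip() == ""


def _has_lure_attachment(msg) -> bool:
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if ATTACHMENT_RE.match(name):
            data = part.get_content()
            # Require real 7z content, not just a suggestive file name.
            if isinstance(data, bytes) and data.startswith(SEVENZIP_MAGIC):
                return True
    return False


def score_message(raw: bytes) -> dict:
    """Return which of the campaign traits a raw RFC 5322 message exhibits."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    to_domain = parseaddr(msg.get("To", ""))[1].rpartition("@")[2].lower()
    from_addr = parseaddr(msg.get("From", ""))[1].lower()
    return {
        "copier_at_recipient_domain": bool(to_domain) and from_addr == f"copier@{to_domain}",
        "subject_match": (msg.get("Subject") or "").strip() == SUBJECT,
        "xmailer_match": (msg.get("X-Mailer") or "").strip() == X_MAILER,
        "empty_body": _body_is_empty(msg),
        "lure_7z_attachment": _has_lure_attachment(msg),
    }


def is_campaign_lure(raw: bytes) -> bool:
    """Flag when the 7z lure is present and at least 3 of the 4 other traits hold.

    Threshold chosen here so a single changed header does not defeat the check,
    while a legitimate scan-to-email from a bizhub (non-empty body, no 7z) passes.
    """
    hits = score_message(raw)
    others = sum(v for k, v in hits.items() if k != "lure_7z_attachment")
    return hits["lure_7z_attachment"] and others >= 3


if __name__ == "__main__":
    print(score_message(SAMPLE_EML), is_campaign_lure(SAMPLE_EML))
    print(score_message(BENIGN_EML), is_campaign_lure(BENIGN_EML))
```

Feed it the raw bytes of each inbound .eml; real Konica Minolta scan-to-email traffic from the same device string should fall through because it carries a body and a PDF/JPEG rather than a 7z.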

Download sites:
http://accountingservices.apec.org/DKndhFG72
http://autoecoleeurope.com/DKndhFG72
http://autoecolekim95.com/DKndhFG72
http://cornyproposals.com/DKndhFG72
http://demopowerindo.com/DKndhFG72
http://dmlex.adlino.be/DKndhFG72
http://eurecas.org/DKndhFG72
http://georginabringas.com/DKndhFG72
http://lasdamas.com/DKndhFG72
http://montecortelhas.com/DKndhFG72
http://petromarket.ir/DKndhFG72
http://pnkparamount.com/DKndhFG72
http://targeter.su/p66/DKndhFG72
http://v-chords.de/DKndhFG72
http://walkama.net/DKndhFG72
http://wenger-werkzeugbau.de/DKndhFG72
http://wiskundebijles.nu/DKndhFG72

Malware:
- locky, .ykcol variant
- SHA256: 24b29b6c856f24b4385b8aefedada88cb3aebf88b29b90348a928d8bae5c7cc2, MD5: bab1c043a2fba947f682b6a012a9f362
- VT: https://www.virustotal.com/en/file/24b29b6c856f24b4385b8aefedada88cb3aebf88b29b90348a928d8bae5c7cc2/analysis/1505762333/
- HA: https://www.reverse.it/sample/24b29b6c856f24b4385b8aefedada88cb3aebf88b29b90348a928d8bae5c7cc2?environmentId=100
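
Every download URL above ends in the same path component, DKndhFG72, on a different compromised host. When sweeping proxy logs it is therefore worth matching on that path as well as on the exact host list, since a host that has not yet appeared in any feed but serves the same path is very likely part of the same campaign. The script below is an added example, not from the original paste: the URL list is copied verbatim from above, while the proxy log lines and their generic "timestamp client method url status" layout are constructed for illustration.

```python
"""Sweep proxy logs for the Locky download URLs listed above (added example)."""
from urllib.parse import urlsplit

# Copied from the paste's "Download sites" list.
DOWNLOAD_URLS = """
http://accountingservices.apec.org/DKndhFG72
http://autoecoleeurope.com/DKndhFG72
http://autoecolekim95.com/DKndhFG72
http://cornyproposals.com/DKndhFG72
http://demopowerindo.com/DKndhFG72
http://dmlex.adlino.be/DKndhFG72
http://eurecas.org/DKndhFG72
http://georginabringas.com/DKndhFG72
http://lasdamas.com/DKndhFG72
http://montecortelhas.com/DKndhFG72
http://petromarket.ir/DKndhFG72
http://pnkparamount.com/DKndhFG72
http://targeter.su/p66/DKndhFG72
http://v-chords.de/DKndhFG72
http://walkama.net/DKndhFG72
http://wenger-werkzeugbau.de/DKndhFG72
http://wiskundebijles.nu/DKndhFG72
"""

# Constructed proxy log lines: "<timestamp> <client_ip> <method> <url> <status>".
# 10.0.0.0/8 addresses and example hosts are placeholders.
SAMPLE_LOG = [
    "2017-09-18T14:41:02-0500 10.0.0.21 GET http://eurecas.org/DKndhFG72 200",
    "2017-09-18T14:41:09-0500 10.0.0.35 GET http://www.example.com/index.html 200",
    "2017-09-18T14:42:51-0500 10.0.0.44 GET http://newhost.example/DKndhFG72 404",
    "2017-09-18T14:43:00-0500 10.0.0.21 GET http://targeter.su/p66/DKndhFG72 200",
    "2017-09-18T14:43:12-0500 10.0.0.50 GET http://eurecas.org/about.html 200",
]


def parse_iocs(text: str):
    """Return (set of (host, path) pairs, set of final path components)."""
    exact, path_tails = set(), set()
    for token in text.split():
        u = urlsplit(token)
        if not u.hostname:
            continue
        exact.add((u.hostname.lower(), u.path))
        # The campaign reuses one final path component across many hosts.
        path_tails.add(u.path.rsplit("/", 1)[-1])
    return exact, path_tails


def classify_url(url: str, exact, path_tails):
    """'known_download_url' for a listed host+path, 'campaign_path_new_host'
    for the same path on an unlisted host, None otherwise."""
    u = urlsplit(url)
    host = (u.hostname or "").lower()
    if (host, u.path) in exact:
        return "known_download_url"
    tail = u.path.rsplit("/", 1)[-1]
    if tail and tail in path_tails:
        return "campaign_path_new_host"
    return None


def sweep(log_lines, ioc_text: str = DOWNLOAD_URLS):
    """Return [(client_ip, url, verdict)] for every log line that matches."""
    exact, path_tails = parse_iocs(ioc_text)
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 5:
            continue  # malformed line, skip rather than guess
        client_ip, url = fields[1], fields[3]
        verdict = classify_url(url, exact, path_tails)
        if verdict:
            hits.append((client_ip, url, verdict))
    return hits


if __name__ == "__main__":
    for hit in sweep(SAMPLE_LOG):
        print(*hit)
```

Clients that fetched a listed URL (or the same path on an unlisted host) around the mail's delivery time should be treated as having run the VBScript downloader; the 404 on the unlisted host still counts, since it shows the script executed even if that host had already been cleaned up.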