2019-02-14 - Emotet malspam example with download link

malware_traffic, Feb 14th, 2019 (edited)
2019-02-14 - EMOTET MALSPAM EXAMPLE WITH DOWNLOAD LINK

X-Originating-Ip: [108.163.227.227]
Authentication-Results: [removed]; iprev=pass policy.iprev="108.163.227.227"; spf=pass smtp.mailfrom="juan.delacruz@nife.mx" smtp.helo="wolverine.fcdigital.com.mx"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=nife.mx
Received: from [108.163.227.227] ([108.163.227.227:37690] helo=wolverine.fcdigital.com.mx)
    by [removed] (envelope-from <juan.delacruz@nife.mx>) [removed];
    Thu, 14 Feb 2019 18:20:54 -0500
Received: from [192.0.19.5] (unknown [102.164.214.165])
    by wolverine.fcdigital.com.mx (Postfix) with ESMTPSA id 2B1AC231A31B
    for [removed]; Thu, 14 Feb 2019 17:20:52 -0600 (CST)
Received-SPF: pass (wolverine.fcdigital.com.mx: connection is authenticated)
Date: Fri, 15 Feb 2019 01:20:52 +0200
From: [spoofed_sender_name] <juan.delacruz@nife.mx>
To: [removed]
Message-Id: <JYpReJ9zR3PuHCuS7a2vaDtFvksDryNhzb75KO2VM4JQxdlp7oT@[recipient's email domain]>
Subject: new invoice from Autumn Solerno
MIME-Version: 1.0
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: quoted-printable
X-PPP-Message-ID: <20190214232054.19914.76044@wolverine.fcdigital.com.mx>
X-PPP-Vhost: nife.mx

<table style=3D"background-color: #f8f8f7; width: 700px;" border=3D"0" cell=
spacing=3D"0" cellpadding=3D"0">
<tbody>
<tr>
<td style=3D"font-size: 16px; color: #565656;" align=3D"left" height=3D"127=
"><strong><i>[spoofed sender's name]</i></strong></td>
<td align=3D"right" width=3D"50%" height=3D"127"></td>
</tr>
<tr>
<td colspan=3D"2" height=3D"25"><strong>Please view your new invoice.</stro=
ng></td>
</tr>
<tr>
<td colspan=3D"2">
<table style=3D"width: 100%;" border=3D"0" cellspacing=3D"0" cellpadding=3D=
"0">
<tbody>
<tr>
<td valign=3D"top" width=3D"70%">
<table style=3D"width: 90%;" border=3D"0" cellspacing=3D"0" cellpadding=3D"=
0">
<tbody>
<tr>
<td style=3D"color: #565656; font-size: 14px;" colspan=3D"2" height=3D"50">=
<strong>Account Number: E403195</strong></td>
</tr>
<tr>
<td align=3D"center" width=3D"50%" height=3D"30"><strong>Invoice Number</st=
rong></td>
<td align=3D"center"><strong>Amount</strong></td>
</tr>
<tr><td align=3Dcenter>215400</td><td align=3Dcenter>$1,839.63</td></tr>

</tbody>
</table>
</td>
<td width=3D"30%">
<p>Click to connect eInvoice billing System</p>

 <a href=3D"hxxp://rasteniyam[.]ru/verif.accs.send.net/" target=3D"_blank" =
style=3D"font-size: 14px; font-family: Arial, Helvetica, sans-serif; color:=
 #ffffff; text-decoration: none; border-radius: 3px; -webkit-border-radius:=
 3px; -moz-border-radius: 3px; background-color: #9a2ba1; border-top: 9px s=
olid #9a2ba1; border-bottom: 9px solid #9a2ba1; border-right: 15px solid #9=
a2ba1; border-left: 15px solid #9a2ba1; display: inline-block; box-shadow: =
0 1px 4px rgba(50,50,50,0.6);alt=3D"Launch eInvoice Connect";" class=3D"bil=
l-content-cta"><b>eInvoice Connect</b></a>


<p>If the above button doesn't work, please click or copy the below link to=
 your browser</p>
<p><a style=3D"color: #518aa8;" href=3D"hxxp://rasteniyam[.]ru/verif.accs.s=
end.net/">http://sec.accs.send.biz/</a></p>
</td>
</tr>
</tbody>
</table>
</td>
</tr>
<tr>
<td colspan=3D"2" height=3D"50"><strong>Thank you for using <i>[spoofed sen=
der's name]</i> eInvoice Connect</strong></td>
</tr>
</tbody>
</table>
<!--ENDBODY-->