API tools faq
paste
malware_traffic

2020-06-30 (Tues) - Valak (soft_sig: mas37) info

malware_traffic
Jun 30th, 2020
11,346
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 5.83 KB | None | 0 0
raw download clone embed print report
  1. 2020-06-30 (TUESDAY) - VALAK (SOFT_SIG: MAS37) INFO
  2.  
  3. SHA256 HASHES FOR WORD DOCS PUSHING VALAK:
  4.  
  5. - 2343c127037f6941956db9e5813e67f721739e187b978c35de050b849f899cfe input_06.30.2020.doc
  6. - 43e2b0d9cc45327bd4ea0864d3eb258e95a7fc5bacdc2c523443e528da45c941 direct.06.20.doc
  7. - 5986dbadd90892a8bcbba4800934c76c919c3d76b77b624259bcfce6643c42ff instrument indenture_06.20.doc
  8. - 6b7b51feb85f6ddb4ce5b6df7ca291fb425961179ff9cc7efd8011bc64918ad9 commerce .06.20.doc
  9. - 6df6c10f882b5c56a22a14ef9ed611ebcb2e75e0977f784bc9e49fcea55f7466 dictate-06.20.doc
  10. - 713b8ee4d69ab5f7db4b5e24fd395d6bbbc0a0f8f8e7b2968b044d231972aab7 require_06.30.2020.doc
  11. - 8b3abaed216bb346e12c72deb04736fc1c924efe4afa5fdac5e652f3f04cc3b4 files-06.20.doc
  12. - d8b6998a8d8792c76872493c7fd53c3b6d00ae5c215c7ec814342c236fc7dc2b file,06.20.doc
  13. - f10db2247990e6ea29d90a8aeb567576af903d65654bd04d8ad910b68e5250fb statistics 06.20.doc
  14.  
  15. URLS FOR INITIAL VALAK DLL:
  16.  
  17. hxxp://178.62.53[.]215/wp-content/themes/busify/_PbLR41ZWteURSpWq.php?x=MDAwMSBoAcWc2LRSaD8wIm9JaB102ANxBYghOSvEzkivZDZpIV_9RdpNplA4sXyghImppb__CBNPq7MRzRvvamxjFBJqvGSFHBUH20_P1rrWVOqStAag0YNj2fw2igPzRkHALqIwTMgVHwh-vEJoPEt6&y=cmVxdWVzdC56aXA=
  18.  
  19. hxxp://www.anacatellieventos[.]com[.]br/wp-content/plugins/sheet-music-library/__oR_IjoGP8_PPzkx.php?x=MDAwMSBOWIGBFbL-0azkdhrhr-OPh01f1raq-dqZp2T_Xz3HnvPG8LlCasHir1TKR2aRS3OBH1iVy892lyVNDCyK53HizZpfKCDV2CT9bCfyYxhrIMLnkBYKeUZtLwztGhG9d3XCjNk9Aj8aQ5CcPxAz
  20.  
  21. hxxp://www.anacatellieventos[.]com[.]br/wp-content/plugins/sheet-music-library/__oR_IjoGP8_PPzkx.php?x=MDAwNSDHRDXq21curp6JP37js56dAJDy59u_m4kZy0_j_fo2A0jBFWxSPmi1cVnZ2w-LF5wRND5qlKZFE3HXK5Dl4OltE19g8ruAVxIcF0X3IRQZYy5c0lWI5SmxVAf1yLcBfvMtF4qOd8rfkHoFwYj-&y=R
  22.  
  23. hxxp://conserviengenharia[.]com[.]br/wp-content/plugins/sheet-music-library/__I9CUC7Zn37Tmtyh.php?x=MDAwMSAIvo8tTGdKdOH8kjyjFFCh-XE5VIsIFu3fqoCXWxtGVpbY-qVqAjCsVUDK7sE9HX19AICoppurif5iqVg_tMDBKNJuS7683zU8mSPQL5KzwabZP_PgTu-1G2_8Dos7JlUsW1xampyP5Yve7zOR
  24.  
  25. hxxp://conserviengenharia[.]com[.]br/wp-content/plugins/sheet-music-library/__I9CUC7Zn37Tmtyh.php?x=MDAwMiChmVzZFaUj2UP6oLqhT4Ot0cR5QoJoFKGajkLoNMJdNHkVW58HVR-Ud3PIxUAkMBR5_y5phdyK_FFgxZC-0xavF8gMwnryMLIC9VNvn77F7OIbzUxmEr1DahW91a8FZHEEhw2XAXbfhAkMGdx8&y=RkVBTV9UZWNobmljYWxfVHJhaW5pbmcuemlw
  26.  
  27. hxxps://www.cursosler[.]com[.]br/wp-content/plugins/sheet-music-library/_LSojVUoCxtLM8CCy.php?x=MDAwMiBH2Aq-Fe6hRnOMSiKlfruOtxOBzTKZYpw6Reqf_IqA6w19D0Fk9cUwhOqkSegPHyWcGVGOQuaoV3IGdN07R4e-dpVZgTf4_Bde9ToZGI8p_5C1Yn0QDDfXxip3xPpZVAjIJHM0syqZk09Bauz3&y=RXhjYWxp
  28.  
  29. hxxp://digifish3[.]com/blog/wp-content/themes/busify/_eWTFIH4ngoi2PJUl.php?x=MDAwMSBskYeC02Ql3VG8Ae9TVFHu6uY34q-zd5ISLrA1LlMNJ88yi_SVZUlkWiyyC9gmFThkFMVkHIlaI-DSlZPLLzSuvVgZWgWuujIh-VCBWg50AL-jKfRnl38NNw89_MLBalU19J9qyusiuA_X0pqC
  30.  
  31. hxxps://lartabea[.]org[.]br/wp-content/plugins/sheet-music-library/_8Q4vDIzBBCLZIBfR.php?x=MDAwNSB2z05LKE63zs0eKn89CKxK3-wtkZP4FOYnq1lgT7M2L7DF0RNkh69Xs4q5eD-p2BrpS9fva-4e7QhUUqs80c9JKaHQSCnG5oV19lKkotEc6Z2l1CjdMX1Q6wCHBoU_2KwLNphWYIkDKkdauUMi&y=RXhlY3V0aXZlX1RyYW5zcG9ydGF0aW9uLnppcA==
  32.  
  33. hxxps://www.nasproje[.]com/wp-content/plugins/sheet-music-library/_5PvmqsbqvY2g-wh3.php?x=MDAwMiAnZmeaQrFlmFmE-reGzl11dyp8nHkf7tZA00FI0qUQkeAt3qgDDe1W9Fj9MFXOjhilh2uLmMFN5Uf7sSEr0M1QZqVFRRH8A54H9Svc7kERi4H1D7onjJvaaiWOzFKfNAgyFo9wSGTAgTYIiiHj&y=RXhlY3V0aXZlX1RyYW5zcG9ydGF0aW9uLnppcA==
  34.  
  35. hxxp://ocean2river[.]com/wordpress/wp-content/themes/busify/_wAMow2Lxyz8UNW4i.php?x=MDAwMSDNZ6I-qdI0prPT2ls6nNKESOR20N1RgM4HmsjtZd5Qx1bvNQWxhc4k5fQyFxOaq4NYYdYCN7H4ui6Xf3XUN9_8e4MYUEAq79dVtJaqxFnJPCpZTL-8gDgQfUMyZSEnqQeDo3b7qVfOevWVm0In
  36.  
  37. hxxps://staging-emama[.]kinsta[.]cloud/wp-content/plugins/sheet-music-library/_3o2liPpLWjwlvele.php?x=MDAwMiBJBQIHyIO-konc33mauL3csnB4iEaU49FofYuMFnLCcS1sgkpU2TD6o6U1Rf4sfl_ZtBMvOEy41ygmZDivZtgSffqmYMNS2mH7kroNZ6mZbcndn3nNa635eaDr6uyjmbKY3MPFvcS57ab6BK-W&y=RkMuemlw
  38.  
  39. hxxp://stega[.]com[.]br/wp-content/plugins/simple-shortcode-block/_OZ-BEMMLLPU5qIHC.php?x=MDAwMiAAaHttuNUZONBCk-mgXSC2lsnySP3pkJK1Mhy1BQWmPR9BLadR6Po8Ounjrt7awnqhv6GIiIu7MOPbudr7rJUFTWEMx_f_uNVLHe-ofJmQ_y3JhxX7DPnsZ_58wIbwjfXZj8tvzeBh9xm9EP2k&y=cmVxdWVzdC56aXA=
  40.  
  41. hxxps://sx-facemask[.]com/wp-content/themes/busify/_Eb-6XZQPkeWFE2F0.php?x=MDAwMSCXfM02CmgQnk-DMmwZ6iqPCFHtzoeaRLfZrzLpiPzvIOSihDhzp9ISW4bpG92mmNuiHQNMEkLVrUmEz6koYzX70xVMGf6jVCqQeRVe7t85UJ6Q_r7oGwyZGzHnKZK1O-jzvCDYaZSg3VuYDRvD
  42.  
  43. hxxp://tarimelaletleri[.]com/wp-content/themes/busify/_b_X1VMX9WBjUof0v.php?x=MDAwMSDXdihR-B_9uYRXZr8uzD_lK1FjvBOUkpooQfnhuLhVk-yu2D-M_FsLWnqlUYMlRnp3lrJFujHVyr16rJgGNt8JuPzxCcoqEAx7F2kEsHQt4oFOQ8jzu-h4AkydP_i0H2l9euDG10ZNCwVQWEGm
  44.  
  45. hxxp://technodroidstore[.]tk/wp-content/plugins/sheet-music-library/_WgE2fcIjkMVSpvG6.php?x=MDAwMCCblyxN5bvCHAD2SK-NbX6VnNZ-zLp4CTygd2Qm2MeeoD7JCTxEbK7K5yfOsx4l21Gcg2dzLwvMNc336H0Pts8767i6OfkTPMbt3DE6m2Gu88-rHsFDNomqMbDUU4xz2ublm9qgYZUatmy5ZJLM&y=RkMuemlw
  46.  
  47. hxxp://technodroidstore[.]tk/wp-content/plugins/sheet-music-library/_WgE2fcIjkMVSpvG6.php?x=MDAwMSCavhlnM1n8jhvQHi8BIl0WCqQcoj2XDZ--FPGUNQrnmCmXh74O0ULhy_SWWrISJDyZ5U7-p1wuJtu7798sq8synKeM9WNuVvGsnkX6Hp-iq0fOpyFMjCp3jig8wTa_uEi5iwK3aSHhoWc4__Gd
  48.  
  49. INITIAL VALAK DLL:
  50.  
  51. - bff33dc4020ac8eeb354eb4a20f241f0bef6e1f15c029ba33b2350d84e8de42a C:\ProgramData\1.dat
  52.  
  53. INITIAL JAVASCRIPT WITH VALAK CONFIGURATION INFO:
  54.  
  55. - 32061d3b3c2d869560c1ecc5d82b8bda978a66d45e881f0e490d88dfc0488320 MVexBafTc.Sszxu
  56.  
  57. DECOY DOMAINS FOR VALAK C2 TRAFFIC:
  58.  
  59. - dev.visualwebsiteoptimizer[.]com
  60. - rad.msn.com.nsatc[.]net
  61. - tss-geotrust-crl.thawte[.]com
  62.  
  63. MALICIOUS DOMAINS FOR VALAK C2 TRAFFIC:
  64.  
  65. - aloveschool[.]com
  66. - ctbrt[.]com
  67. - naturestyle-moebel[.]com
  68. - 99swus-game[.]com
  69. - 64kapd-bowl[.]com
  70. - 19sped-lane[.]com
  71.  
  72. VALAK MALWARE INFO:
  73.  
  74. - SOFT_SIG: mas37
  75. - SOFT_VERSION: 42
  76.  
  77. FOLLOW-UP MALWARE HIDDEN USING ALTERNATE DATA STREAM (ADS) - ICEDID (BOKBOT) INSTALLER:
  78.  
  79. - d0a8c0a6811541b27a5d259ee4b6ca9917ca91a1eff2f6d0239fa3d389784066 C:\Users\Public\MUIRtcp.xml:75ef6a54
  80. - https://app.any.run/tasks/e3140f20-cd22-4625-894e-0969a4551b5d
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!