- MALSPAM PUSHING SHADE (TROLDESH) RANSOMWARE ON MONDAY 2019-09-30
- ASSOCIATED EMAIL:
- - https://pastebin.com/Zn9hhmLv
- INFECTION CHAIN:
- - Email --> Attached PDF file --> link in PDF file --> downloaded zip archive --> Extracted JS file --> retrieves Shade (Troldesh) ransomware binary
- URLS ASSOCIATED WITH THIS INFECTION CHAIN:
- - hxxp://gigazine[.]us/wp-content/languages/plugins/doc/
- - hxxps://www.blizzz[.]nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg
- - hxxp://jonnyb[.]org/alexhampton/_assets/css/doc/2c.jpg
- FILE HASHES ASSOCIATED WITH THIS INFECTION CHAIN:
- - SHA256 hash: 3c504429569ca24a2e664471a8944d078a11be2fcefc122003b3134420909e00
- - File size: 32,871 bytes
- - File name: СДФ.pdf
- - File description: PDF attachment from malspam pushing Shade (Troldesh) ransomware
- - SHA256 hash: 4d262d0ce7fb86a346924b2415da0be61d7dd4f78c34e39496a5b1801e4582ca
- - File size: 11,640 bytes
- - File name: doc.zip
- - File location: hxxp://gigazine[.]us/wp-content/languages/plugins/doc/
- - File description: Zip archive downloaded from link in the above PDF file
- - SHA256 hash: a53b461aa9872f58e30269429fe4765d52b8c14c7cda3af5812279e35a2f7f78
- - File size: 17,751 bytes
- - File name: Информация о заказе 26.09.2018-29.xls.js (Russian for "Order information 26.09.2018-29.xls.js"; note the double .xls.js extension)
- - File description: JavaScript (.js) file extracted from the above zip archive
- - SHA256 hash: b648daf8cb29ad1cf72528d0e93a12c05f4752bd721173f035a5ee724fd97aa1
- - File size: 1,788,928 bytes
- - File location: hxxps://www.blizzz[.]nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg
- - File location: hxxp://jonnyb[.]org/alexhampton/_assets/css/doc/2c.jpg
- - File location: C:\Users\[username]\AppData\Local\Temp\radAE6A6.tmp (the hex characters after "rad" vary from one infection to the next)
- - File description: Shade (Troldesh) ransomware binary (Windows EXE)
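Added example, not part of the original paste: a small Python sweep that parses the defanged indicators listed above (hxxp / [.] style) into URLs and SHA256 hashes, then checks constructed proxy and endpoint records for them. The Squid-style access log and the path/sha256 endpoint records are made up for illustration, and the rad<hex>.tmp path pattern is an assumption generalised from the single temp file name shown above.

```python
# Added example (not from the original paste). Parses the defanged IOC
# listing above and sweeps constructed log lines for URL, host, hash and
# %TEMP%\rad<hex>.tmp matches. Sample logs are constructed, not real data.
import re
from urllib.parse import urlsplit

# Indicators copied from the listing, left defanged exactly as published.
IOC_TEXT = """
- - hxxp://gigazine[.]us/wp-content/languages/plugins/doc/
- - hxxps://www.blizzz[.]nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg
- - hxxp://jonnyb[.]org/alexhampton/_assets/css/doc/2c.jpg
- - SHA256 hash: 3c504429569ca24a2e664471a8944d078a11be2fcefc122003b3134420909e00
- - SHA256 hash: 4d262d0ce7fb86a346924b2415da0be61d7dd4f78c34e39496a5b1801e4582ca
- - SHA256 hash: a53b461aa9872f58e30269429fe4765d52b8c14c7cda3af5812279e35a2f7f78
- - SHA256 hash: b648daf8cb29ad1cf72528d0e93a12c05f4752bd721173f035a5ee724fd97aa1
"""

# Constructed Squid-style access log (not real traffic):
# timestamp elapsed client code/status bytes method URL user hierarchy type
PROXY_LOG = """\
1569834001.123    412 10.1.2.34 TCP_MISS/200 11640 GET http://gigazine.us/wp-content/languages/plugins/doc/ - HIER_DIRECT/203.0.113.10 application/zip
1569834055.777    903 10.1.2.34 TCP_MISS/200 1788928 GET https://www.blizzz.nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg - HIER_DIRECT/203.0.113.11 image/jpeg
1569834058.002    120 10.1.2.57 TCP_MISS/404 512 GET http://jonnyb.org/alexhampton/_assets/css/doc/ - HIER_DIRECT/203.0.113.12 text/html
1569834060.001     88 10.1.2.99 TCP_HIT/200 5120 GET http://example.com/index.html - NONE/- text/html
"""

# Constructed endpoint file records (not real telemetry): path=<path> sha256=<hash>
ENDPOINT_LOG = r"""
path=C:\Users\alice\AppData\Local\Temp\rad3B7C9.tmp sha256=b648daf8cb29ad1cf72528d0e93a12c05f4752bd721173f035a5ee724fd97aa1
path=C:\Users\alice\Downloads\doc.zip sha256=4d262d0ce7fb86a346924b2415da0be61d7dd4f78c34e39496a5b1801e4582ca
path=C:\Users\alice\AppData\Local\Temp\radFF12.tmp sha256=0000000000000000000000000000000000000000000000000000000000000001
path=C:\Program Files\Mozilla Firefox\firefox.exe sha256=1111111111111111111111111111111111111111111111111111111111111111
"""

HEX64 = re.compile(r"\b([0-9a-f]{64})\b", re.I)
DEFANGED_URL = re.compile(r"\bhxxps?://\S+", re.I)
RECORD = re.compile(r"path=(.+?) sha256=([0-9a-fA-F]{64})")
# The listing shows radAE6A6.tmp and says the hex characters vary, so the
# length of the hex run is left open here (assumption).
TEMP_EXE = re.compile(r"[A-Za-z]:\\Users\\[^\\\s]+\\AppData\\Local\\Temp\\rad[0-9A-Fa-f]+\.tmp", re.I)


def refang(url: str) -> str:
    """hxxp://host[.]tld -> http://host.tld. For matching only; never fetch it."""
    return re.sub(r"^hxxp", "http", url, flags=re.I).replace("[.]", ".").replace("[:]", ":")


def parse_iocs(text: str):
    """Return (set of refanged URLs, set of lowercase SHA256 hashes) from the listing."""
    urls, hashes = set(), set()
    for line in text.splitlines():
        m = DEFANGED_URL.search(line)
        if m:
            urls.add(refang(m.group(0)))
        h = HEX64.search(line)
        if h:
            hashes.add(h.group(1).lower())
    return urls, hashes


def match_proxy_log(log: str, urls):
    """Return (client, url, kind): 'url' for an exact hit on a listed URL,
    'host' for traffic to a listed host with a different path (weaker signal)."""
    hosts = {urlsplit(u).hostname for u in urls}
    hits = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) < 7:
            continue
        client, url = fields[2], fields[6]
        if url in urls:
            hits.append((client, url, "url"))
        elif urlsplit(url).hostname in hosts:
            hits.append((client, url, "host"))
    return hits


def match_endpoint_log(log: str, hashes):
    """Return (path, kind): 'hash' for a listed SHA256, else 'path' for a
    file in the %TEMP%\\rad<hex>.tmp drop location (catches repacked samples)."""
    hits = []
    for m in RECORD.finditer(log):
        path, sha = m.group(1), m.group(2).lower()
        if sha in hashes:
            hits.append((path, "hash"))
        elif TEMP_EXE.search(path):
            hits.append((path, "path"))
    return hits


def sweep():
    """Run the whole sweep over the constructed sample logs."""
    urls, hashes = parse_iocs(IOC_TEXT)
    return {
        "proxy_hits": match_proxy_log(PROXY_LOG, urls),
        "endpoint_hits": match_endpoint_log(ENDPOINT_LOG, hashes),
    }


if __name__ == "__main__":
    for name, hits in sweep().items():
        print(name)
        for hit in hits:
            print("  ", hit)
```

The host-only and path-only matches are deliberately reported separately from exact URL and hash hits: the compromised WordPress hosts and the rad<hex>.tmp drop location survive a repacked payload or a renamed 2c.jpg, but they also carry more false-positive risk, so they should drive triage rather than automatic blocking.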