2019-09-30 - Info from malspam pushing Shade ransomware

malware_traffic, Sep 30th, 2019
MALSPAM PUSHING SHADE (TROLDESH) RANSOMWARE ON MONDAY 2019-09-30

ASSOCIATED EMAIL:

- https://pastebin.com/Zn9hhmLv

INFECTION CHAIN:

- Email --> Attached PDF file --> link in PDF file --> downloaded zip archive --> Extracted JS file --> retrieves Shade (Troldesh) ransomware binary

URLS ASSOCIATED WITH THIS INFECTION CHAIN:

- hxxp://gigazine[.]us/wp-content/languages/plugins/doc/
- hxxps://www.blizzz[.]nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg
- hxxp://jonnyb[.]org/alexhampton/_assets/css/doc/2c.jpg

FILE HASHES ASSOCIATED WITH THIS INFECTION CHAIN:

- SHA256 hash: 3c504429569ca24a2e664471a8944d078a11be2fcefc122003b3134420909e00
- File size: 32,871 bytes
- File name: СДФ.pdf
- File description: PDF attachment from malspam pushing Shade (Troldesh) ransomware

- SHA256 hash: 4d262d0ce7fb86a346924b2415da0be61d7dd4f78c34e39496a5b1801e4582ca
- File size: 11,640 bytes
- File name: doc.zip
- File location: hxxp://gigazine[.]us/wp-content/languages/plugins/doc/
- File description: Zip archive downloaded from the link in the above PDF file

- SHA256 hash: a53b461aa9872f58e30269429fe4765d52b8c14c7cda3af5812279e35a2f7f78
- File size: 17,751 bytes
- File name: Информация о заказе 26.09.2018-29.xls.js (Russian: "Order information 26.09.2018-29.xls.js"; note the double extension, which hides the .js when extensions are not shown)
- File description: JavaScript (.js) file extracted from the above zip archive

- SHA256 hash: b648daf8cb29ad1cf72528d0e93a12c05f4752bd721173f035a5ee724fd97aa1
- File size: 1,788,928 bytes
- File location: hxxps://www.blizzz[.]nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg
- File location: hxxp://jonnyb[.]org/alexhampton/_assets/css/doc/2c.jpg
- File location: C:\Users\[username]\AppData\Local\Temp\radAE6A6.tmp (the hex characters after "rad" vary from one infection to the next)
- File description: Shade (Troldesh) ransomware binary (Windows EXE), retrieved by the above .js file and served with a .jpg extension
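The indicators above can be turned into a small sweep script. The following is an added example, not part of the original paste: it refangs the hxxp/[.] URLs so they match real proxy log lines, hashes files under a directory against the SHA-256 list, and flags the two file-name patterns seen in this chain (the rad<hex>.tmp drop name and the .xls.js double extension). The regular expressions, the assumed 4-6 hex digits in the temp file name, the proxy-log line format and the sample files in demo() are my own constructions; no real sample is embedded, so the hash path is exercised with a stand-in file whose digest is added to a copy of the IOC table.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Indicators copied from the paste above.
IOC_SHA256 = {
    "3c504429569ca24a2e664471a8944d078a11be2fcefc122003b3134420909e00": "PDF attachment (СДФ.pdf)",
    "4d262d0ce7fb86a346924b2415da0be61d7dd4f78c34e39496a5b1801e4582ca": "doc.zip",
    "a53b461aa9872f58e30269429fe4765d52b8c14c7cda3af5812279e35a2f7f78": "JS downloader (*.xls.js)",
    "b648daf8cb29ad1cf72528d0e93a12c05f4752bd721173f035a5ee724fd97aa1": "Shade (Troldesh) EXE",
}
DEFANGED_URLS = [
    "hxxp://gigazine[.]us/wp-content/languages/plugins/doc/",
    "hxxps://www.blizzz[.]nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg",
    "hxxp://jonnyb[.]org/alexhampton/_assets/css/doc/2c.jpg",
]
# Drop name seen in the paste is radAE6A6.tmp with varying hex characters; the
# 4-6 digit range is an assumption of this example, not something the paste states.
DROPPED_TMP_RE = re.compile(r"^rad[0-9A-F]{4,6}\.tmp$", re.IGNORECASE)
# Double-extension lure used by the downloader script (something.xls.js).
DOUBLE_EXT_RE = re.compile(r"\.(xls|xlsx|doc|docx|pdf)\.js$", re.IGNORECASE)


def refang(url: str) -> str:
    """Turn hxxp://host[.]tld into http://host.tld so it can be matched against logs."""
    return re.sub(r"^hxx(ps?)://", r"htt\1://", url).replace("[.]", ".")


def match_log_lines(lines, urls=DEFANGED_URLS):
    """Return (line_number, refanged_url) for each log line containing an IOC URL."""
    live = [refang(u) for u in urls]
    hits = []
    for n, line in enumerate(lines, 1):
        for u in live:
            if u in line:
                hits.append((n, u))
    return hits


def name_indicators(name: str):
    """File-name based tags for one file name (no content inspection)."""
    tags = []
    if DROPPED_TMP_RE.match(name):
        tags.append("dropped-tmp-name")
    if DOUBLE_EXT_RE.search(name):
        tags.append("double-extension-js")
    return tags


def sha256_file(path) -> str:
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep(root, iocs=IOC_SHA256):
    """Walk root and report files whose SHA-256 or file name matches an indicator."""
    findings = []
    for p in sorted(Path(root).rglob("*")):
        if not p.is_file():
            continue
        digest = sha256_file(p)
        if digest in iocs:
            findings.append((p.name, "sha256:" + iocs[digest]))
        for tag in name_indicators(p.name):
            findings.append((p.name, tag))
    return findings


def demo():
    """Run the sweep on constructed files and constructed proxy log lines (no real samples)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        # Constructed stand-in for the dropped binary; its digest is added to a copy of
        # the IOC table so the hash path is exercised without shipping real malware.
        fake_exe = b"MZ" + b"\x00" * 62 + b"constructed stand-in, not Shade"
        (root / "radAE6A6.tmp").write_bytes(fake_exe)
        (root / "Информация о заказе 26.09.2018-29.xls.js").write_text("// constructed\n", encoding="utf-8")
        (root / "notes.txt").write_text("benign\n", encoding="utf-8")
        iocs = dict(IOC_SHA256)
        iocs[hashlib.sha256(fake_exe).hexdigest()] = "constructed stand-in for Shade EXE"
        files = sweep(root, iocs)
    log = [  # constructed proxy log lines, format assumed
        "2019-09-30 10:01:02 10.0.0.7 GET http://gigazine.us/wp-content/languages/plugins/doc/ 200",
        "2019-09-30 10:01:09 10.0.0.7 GET https://www.example.org/ 200",
        "2019-09-30 10:02:15 10.0.0.7 GET https://www.blizzz.nl/wp-content/themes/vertikal/option-tree/assets/css/tF2Iu/2c.jpg 200",
    ]
    return files, match_log_lines(log)


if __name__ == "__main__":
    for item in demo():
        print(item)
```

Point sweep() at a user's %LOCALAPPDATA%\Temp and mail-attachment folders to hunt the dropped binary and the extracted .js; the name-based tags are broad (any rad<hex>.tmp) and are meant to narrow what gets hashed or submitted, not to confirm an infection on their own.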