- 2017-09-26: #locky email phishing campaign "INVOICE"
- Email sample:
- -------------------------------------------------------------------------------------------------------------
- From: Terri Plummer <sales@[REDACTED]>
- To: [REDACTED]
- Subject: INVOICE
- Date: Tue, 26 Sep 2017 10:52:50 -0200
- Dear Sir,
- PLEAS FIND ATTACHED YOUR INVOICE AS REQUESTED.
- Thank you and Kind regard's
- *Terri*
- *For Techno-Packaging.*
- P *Please consider the environment =E2=80=93 only print this e-mail if absolutely necessary*
- Attachment: A950391802.7z -> A40092489740.vbs
- -------------------------------------------------------------------------------------------------------------
- - the sender's email address is forged to sales@<sender's domain>
- - the subject is INVOICE
- - the attached file "A<8-12 digits>.7z" contains the file "A<9-11 digits>.vbs", a VBScript downloader which downloads a file from:
- Download sites:
- Malware:
- - locky, offline .ykcol variant
- - SHA256: 376d73b2e5ae398e2158871e1b72850a748cf0d9c2c37a65ad5af368523c4749, MD5: b035ddc1f0738c3f90cb5c0b804e1775
- - SHA256: e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4, MD5: 1c1a6b70b5e2b13c019d5cbdf0f12738
- - VT: https://www.virustotal.com/en/file/376d73b2e5ae398e2158871e1b72850a748cf0d9c2c37a65ad5af368523c4749/analysis/1506485634/
- - VT: https://www.virustotal.com/en/file/e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4/analysis/1506525616/
- - HA: https://www.hybrid-analysis.com/sample/376d73b2e5ae398e2158871e1b72850a748cf0d9c2c37a65ad5af368523c4749?environmentId=100
- - HA: https://www.hybrid-analysis.com/sample/e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4?environmentId=10
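
A mail-filter check for the traits listed in the notes above (subject, sales@ sender, attachment naming), added here as an example and not part of the original paste. The function names, the two-trait threshold and the example.com message are assumptions; the sample message is constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Naming from the notes above: archive "A<8-12 digits>.7z", script "A<9-11 digits>.vbs"
ARCHIVE_RE = re.compile(r"^A\d{8,12}\.7z$", re.IGNORECASE)
SCRIPT_RE = re.compile(r"^A\d{9,11}\.vbs$", re.IGNORECASE)

def campaign_traits(raw_message):
    """Return which campaign traits a raw RFC 5322 message matches."""
    msg = message_from_string(raw_message)
    hits = []
    if (msg.get("Subject") or "").strip() == "INVOICE":
        hits.append("subject")
    _, addr = parseaddr(msg.get("From") or "")
    if addr.lower().startswith("sales@"):
        hits.append("sender")
    # walk() visits every MIME part; get_filename() reads the attachment name
    if any(ARCHIVE_RE.match((p.get_filename() or "").strip()) for p in msg.walk()):
        hits.append("attachment")
    return hits

def is_campaign_match(raw_message):
    # Assumed threshold: attachment name plus one header trait, since
    # "INVOICE" subjects and sales@ senders are common in legitimate mail.
    hits = campaign_traits(raw_message)
    return "attachment" in hits and len(hits) >= 2

def script_name_matches(member_name):
    # For archive member names obtained after unpacking in a sandbox.
    return bool(SCRIPT_RE.match(member_name))

# Constructed sample message (example.com addresses, dummy attachment body).
SAMPLE_HIT = """\
From: Terri Plummer <sales@example.com>
To: user@example.com
Subject: INVOICE
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

PLEAS FIND ATTACHED YOUR INVOICE AS REQUESTED.
--b1
Content-Type: application/x-7z-compressed
Content-Disposition: attachment; filename="A950391802.7z"

AAAA
--b1--
"""
# Same headers with an unrelated attachment name: must not match.
SAMPLE_BENIGN = SAMPLE_HIT.replace("A950391802.7z", "invoice-2017.pdf")
```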