API tools faq
paste
Advertisement
malware_traffic

2020-09-11 (Friday) - myResume.xls pushes ZLoader (Silent Night)

malware_traffic
Sep 11th, 2020
8,809
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.89 KB | None | 0 0
raw download clone embed print report
  1. 2020-09-11 (FRIDAY) - MYRESUME.XLS PUSHES ZLOADER (SILENT NIGHT)
  2.  
  3. TRAFFIC:
  4.  
  5. - 205.185.113[.]20 port 80 - 205.185.113[.]20 - GET /PRTKfN
  6. - 205.185.113[.]20 port 80 - 205.185.113[.]20 - GET /files/911.dll
  7. - 31.184.253[.]244 port 80 - softwareserviceupdater5[.]com - POST /web/post.php
  8.  
  9. MALWARE:
  10.  
  11. - SHA256 hash: 421cccf7ef2ecd482467b2f470a28707447c39d581d11e39578f4dba4472fd71
  12. - File size: 159,232 bytes
  13. - File name: myResume.xls
  14. - File description: password-protected XLS file with macros for ZLoader (Silent Night)
  15.  
  16. - SHA256 hash: 740577fb4e542f8f73b104ecf8e6890fc5ee3842f5393a9ce728117b11e7d7b3
  17. - File size: 631,808 bytes
  18. - File location: hxxp://205.185.113[.]20/files/911.dll
  19. - File location: C:\IDDCHrk\rWwiyCF\IYFLemb.dll
  20. - File location: C:\Users\[username]\AppData\Roaming\Noexun\ufvou.dll
  21. - File run method: regsvr32.exe /s [filename]
  22. - File description: DLL for ZLoader (Silent Night)
  23.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!