- #IOC #OptiData #VR #DBatLoader #ModiLoader #Formbook #Discord
- https://pastebin.com/SSVg89uT
- previous_contact: n/a
- FAQ:
- https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
- https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook
- attack_vector
- --------------
- email attach .ZIP > .EXE > ieinstal.exe > GET CDN.DISCORDAPP.COM > encoded DLL > ...
- email_headers
- --------------
- Received: from server5.unitedworx.com (email.unitedworx.com [134.213.73.207])
- Received: from webmail.gcv-parts.com (localhost.localdomain [127.0.0.1])
- Date: Thu, 5 Nov 2020 13:20:36 +0100
- From: Elena Ivanova <ivanovaelena130@gmail.com>
- To: undisclosed-recipients:;
- Subject: Re: Re: Замовлення на придбання  (Ukrainian: "Purchase order")
- User-Agent: Roundcube Webmail/1.4.7
- files
- --------------
- SHA-256 5a3663ab83faf815b57f3a9c5d5e800ab21749bee6c01d48256bd1d932bc5cdf
- File name SCANNED_05_11_2020.zip [Zip archive data, at least v2.0 to extract]
- File size 587.53 KB (601626 bytes)
- SHA-256 159676d64d4a593ffa25f69875f6dc59f05f75f3b135825b5ebda6c67adc475e
- File name SCANNED_05_11_2020.exe [BobSoft Mini Delphi -> BoB / BobSoft]
- File size 1.19 MB (1243840 bytes)
- SHA-256 c630bfeb0b501f82221ff64e2c3d5a201454467117c62a7938574a46f98fda03
- File name ieinstal.exe [PE32 executable for MS Windows (GUI) Intel 80386 32-bit]
- File size 462.50 KB (473600 bytes)
- SHA-256 ecbcbc0c46490ab2944f8384460074d4754571e35832879fcc6084f36c091df7
- File name Sviuuuu [ ASCII text, with very long lines, with no line terminators ]
- File size 739.00 KB (756736 bytes)
- SHA-256 c169d597b7b0d43c4428168fddb452a98771db09d58995244f459f404e8d43d5
- File name ntdll.dll [ Microsoft Visual C++ vx.x DLL ]
- File size 6.19 MB (6489600 bytes)
- activity
- **************
- PL_SCR CDN.DISCORDAPP.COM/ATTACHMENTS/751870937779011659/773428309739962399/SVIUUUU
- C2 http://www.joomlas123.info/3nop/
- netwrk
- --------------
- [ssl]
- 162.159.133.233 cdn.discordapp.com Client Hello
- comp
- --------------
- [System Process] 0 TCP 95.100.198.11 443
- SCANNED_05_11_2020.exe 3500 TCP 162.159.133.233 443
- proc
- --------------
- C:\Users\operator\Desktop\SCANNED_05_11_2020.exe
- C:\Program Files (x86)\internet explorer\ieinstal.exe
- persist
- --------------
- n/a
- drop
- --------------
- C:\tmp\Temporary Internet Files\Content.IE5\OBPN9P6V\Sviuuuu[1]
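- The following is an added detection example, not part of the original paste and not tooling from the VR/OptiData feed. It turns the indicators listed above into checks over host telemetry: the SHA-256 values from the files section, the payload URL (PL_SCR) and C2 host from the activity section, and the process chain from the attack_vector line. The event records are constructed in a Sysmon-like shape (EventID 1 process create, 3 network connect, 22 DNS query, plus a proxy record with a Url field); that schema, the parent/child relation between the dropper and ieinstal.exe, and the allowlist of images permitted to reach the Discord CDN are assumptions, not facts stated on the page. Two caveats a practitioner should keep: cdn.discordapp.com and 162.159.133.233 are shared CDN infrastructure, so only the full attachment path is a blockable indicator and bare host/IP hits are downgraded to medium; and the [System Process] connection to 95.100.198.11 in the comp section is not attributed to the malware on the page, so it is deliberately left out.

```python
#!/usr/bin/env python3
"""Match the DBatLoader/ModiLoader -> Formbook IOCs above against host telemetry.

Added example. Event dicts below are constructed in a Sysmon-like shape;
the field names are an assumption, not a real log format.
"""
import re

# SHA-256 values exactly as listed in the "files" section of the paste.
FILE_HASHES = {
    "5a3663ab83faf815b57f3a9c5d5e800ab21749bee6c01d48256bd1d932bc5cdf": "SCANNED_05_11_2020.zip",
    "159676d64d4a593ffa25f69875f6dc59f05f75f3b135825b5ebda6c67adc475e": "SCANNED_05_11_2020.exe",
    "c630bfeb0b501f82221ff64e2c3d5a201454467117c62a7938574a46f98fda03": "ieinstal.exe",
    "ecbcbc0c46490ab2944f8384460074d4754571e35832879fcc6084f36c091df7": "Sviuuuu",
    "c169d597b7b0d43c4428168fddb452a98771db09d58995244f459f404e8d43d5": "ntdll.dll",
}

# Payload URL (PL_SCR) and C2 host from the "activity" section. The Discord
# host is shared CDN, so only the full attachment path is a usable indicator;
# the C2 host is specific enough to match on its own.
PAYLOAD_URL_RE = re.compile(
    r"cdn\.discordapp\.com/attachments/751870937779011659/773428309739962399/sviuuuu",
    re.IGNORECASE,
)
C2_HOST = "www.joomlas123.info"

# Images that legitimately talk to cdn.discordapp.com (assumption; tune per estate).
CDN_ALLOWED_IMAGES = {"discord.exe", "firefox.exe", "chrome.exe", "msedge.exe"}
# Parent locations from which the stock IE installer should never be launched.
USER_WRITABLE_RE = re.compile(
    r"\\(Users\\[^\\]+\\(Desktop|Downloads|AppData)|tmp|Temp)\\", re.IGNORECASE
)


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def check_event(ev):
    """Return (rule, severity) hits for one constructed Sysmon-style event dict."""
    hits = []
    image = basename(ev.get("Image", ""))
    host = (ev.get("DestinationHostname") or ev.get("QueryName") or "").lower()

    # R1: known-bad SHA-256 on a process-create or file-create record.
    m = re.search(r"SHA256=([0-9a-f]{64})", ev.get("Hashes", ""), re.IGNORECASE)
    if m and m.group(1).lower() in FILE_HASHES:
        hits.append(("ioc_hash:" + FILE_HASHES[m.group(1).lower()], "high"))

    # R2: ieinstal.exe spawned by a parent living in a user-writable directory.
    # The paste's chain is .EXE > ieinstal.exe; the parent relation is inferred.
    if (ev.get("EventID") == 1 and image == "ieinstal.exe"
            and USER_WRITABLE_RE.search(ev.get("ParentImage", ""))):
        hits.append(("ieinstal_spawned_from_user_path", "high"))

    # R3: any process resolving or connecting to the Formbook C2 host.
    if host == C2_HOST:
        hits.append(("formbook_c2_host", "high"))

    # R4: exact payload URL, for proxy / URL-filter records carrying a Url field.
    if PAYLOAD_URL_RE.search(ev.get("Url", "")):
        hits.append(("dbatloader_payload_url", "high"))

    # R5: Discord CDN reached by a process that is neither a browser nor Discord.
    # Shared CDN, so process context carries the signal, not the host or IP.
    if ev.get("EventID") == 3 and host == "cdn.discordapp.com" and image not in CDN_ALLOWED_IMAGES:
        hits.append(("discord_cdn_from_unexpected_process", "medium"))
    return hits


def scan(events):
    """Flatten hits across events as (ProcessId, rule, severity) tuples."""
    return [(ev.get("ProcessId"), rule, sev) for ev in events for rule, sev in check_event(ev)]


# Constructed telemetry mirroring the proc/comp sections above plus one benign record.
DROPPER = r"C:\Users\operator\Desktop\SCANNED_05_11_2020.exe"
IEINSTAL = r"C:\Program Files (x86)\internet explorer\ieinstal.exe"
EVENTS = [
    {"EventID": 1, "ProcessId": 3500, "Image": DROPPER, "ParentImage": r"C:\Windows\explorer.exe",
     "Hashes": "SHA256=159676d64d4a593ffa25f69875f6dc59f05f75f3b135825b5ebda6c67adc475e"},
    {"EventID": 1, "ProcessId": 3672, "Image": IEINSTAL, "ParentImage": DROPPER},
    {"EventID": 3, "ProcessId": 3500, "Image": DROPPER, "DestinationIp": "162.159.133.233",
     "DestinationPort": 443, "DestinationHostname": "cdn.discordapp.com"},
    {"EventID": 22, "ProcessId": 3672, "Image": IEINSTAL, "QueryName": "www.joomlas123.info"},
    {"EventID": 3, "ProcessId": 4120, "Image": r"C:\Program Files\Mozilla Firefox\firefox.exe",
     "DestinationHostname": "cdn.discordapp.com", "DestinationPort": 443},
    {"EventID": "proxy", "ProcessId": None,
     "Url": "https://cdn.discordapp.com/attachments/751870937779011659/773428309739962399/Sviuuuu"},
]

if __name__ == "__main__":
    for pid, rule, sev in scan(EVENTS):
        print(f"pid={pid} {sev:6} {rule}")
```

- Run as a script it prints one line per hit; the Firefox record produces nothing, which is the point of R5: the Discord CDN is only interesting when an unexpected process reaches it. In production the hash set and the C2 host would come from the feed rather than being hard-coded, and the allowlist in R5 is the first thing to tune against a real process inventory.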
- # # #
- https://www.virustotal.com/gui/file/5a3663ab83faf815b57f3a9c5d5e800ab21749bee6c01d48256bd1d932bc5cdf/details
- https://www.virustotal.com/gui/file/159676d64d4a593ffa25f69875f6dc59f05f75f3b135825b5ebda6c67adc475e/details
- https://analyze.intezer.com/analyses/453d6d57-0fa7-4824-84df-9731b9160b5f
- https://www.virustotal.com/gui/file/c169d597b7b0d43c4428168fddb452a98771db09d58995244f459f404e8d43d5/details
- https://analyze.intezer.com/analyses/8e79ab7e-5f3e-4aec-a656-86b69aed1728
- https://www.virustotal.com/gui/file/c630bfeb0b501f82221ff64e2c3d5a201454467117c62a7938574a46f98fda03/details
- https://analyze.intezer.com/analyses/79a0b683-e047-4595-a792-c04abe71af08
- https://www.virustotal.com/gui/file/ecbcbc0c46490ab2944f8384460074d4754571e35832879fcc6084f36c091df7/details
- VR