VRad

#ModiLoader_051120

Nov 6th, 2020 (edited)
#IOC #OptiData #VR #DBatLoader #ModiLoader #Formbook #Discord

https://pastebin.com/SSVg89uT

previous_contact: n/a

FAQ:
https://malpedia.caad.fkie.fraunhofer.de/details/win.dbatloader
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

attack_vector
--------------
email attach .ZIP > .EXE > ieinstal.exe > GET CDN.DISCORDAPP.COM > encoded DLL > ...

email_headers
--------------
Received: from server5.unitedworx.com (email.unitedworx.com [134.213.73.207])
Received: from webmail.gcv-parts.com (localhost.localdomain [127.0.0.1])
Date: Thu, 5 Nov 2020 13:20:36 +0100
From: Elena Ivanova <ivanovaelena130@gmail.com>
To: undisclosed-recipients:;
Subject: Re: Re: Замовлення на придбання
User-Agent: Roundcube Webmail/1.4.7

files
--------------
SHA-256 5a3663ab83faf815b57f3a9c5d5e800ab21749bee6c01d48256bd1d932bc5cdf
File name SCANNED_05_11_2020.zip [Zip archive data, at least v2.0 to extract]
File size 587.53 KB (601626 bytes)

SHA-256 159676d64d4a593ffa25f69875f6dc59f05f75f3b135825b5ebda6c67adc475e
File name SCANNED_05_11_2020.exe [BobSoft Mini Delphi -> BoB / BobSoft]
File size 1.19 MB (1243840 bytes)

SHA-256 c630bfeb0b501f82221ff64e2c3d5a201454467117c62a7938574a46f98fda03
File name ieinstal.exe [PE32 executable for MS Windows (GUI) Intel 80386 32-bit]
File size 462.50 KB (473600 bytes)

SHA-256 ecbcbc0c46490ab2944f8384460074d4754571e35832879fcc6084f36c091df7
File name Sviuuuu [ASCII text, with very long lines, with no line terminators]
File size 739.00 KB (756736 bytes)

SHA-256 c169d597b7b0d43c4428168fddb452a98771db09d58995244f459f404e8d43d5
File name ntdll.dll [Microsoft Visual C++ vx.x DLL]
File size 6.19 MB (6489600 bytes)

activity
**************
PL_SCR CDN.DISCORDAPP.COM/ATTACHMENTS/751870937779011659/773428309739962399/SVIUUUU

C2 http://www.joomlas123.info/3nop/

netwrk
--------------
[ssl]
162.159.133.233 cdn.discordapp.com Client Hello

comp
--------------
[System Process] 0 TCP 95.100.198.11 443
SCANNED_05_11_2020.exe 3500 TCP 162.159.133.233 443

proc
--------------
C:\Users\operator\Desktop\SCANNED_05_11_2020.exe
C:\Program Files (x86)\internet explorer\ieinstal.exe

persist
--------------
n/a

drop
--------------
C:\tmp\Temporary Internet Files\Content.IE5\OBPN9P6V\Sviuuuu[1]

# # #
https://www.virustotal.com/gui/file/5a3663ab83faf815b57f3a9c5d5e800ab21749bee6c01d48256bd1d932bc5cdf/details
https://www.virustotal.com/gui/file/159676d64d4a593ffa25f69875f6dc59f05f75f3b135825b5ebda6c67adc475e/details
https://analyze.intezer.com/analyses/453d6d57-0fa7-4824-84df-9731b9160b5f
https://www.virustotal.com/gui/file/c169d597b7b0d43c4428168fddb452a98771db09d58995244f459f404e8d43d5/details
https://analyze.intezer.com/analyses/8e79ab7e-5f3e-4aec-a656-86b69aed1728
https://www.virustotal.com/gui/file/c630bfeb0b501f82221ff64e2c3d5a201454467117c62a7938574a46f98fda03/details
https://analyze.intezer.com/analyses/79a0b683-e047-4595-a792-c04abe71af08
https://www.virustotal.com/gui/file/ecbcbc0c46490ab2944f8384460074d4754571e35832879fcc6084f36c091df7/details

VR