- 2020-10-07 (WEDNESDAY) - MALSPAM WITH XLSX ATTACHMENTS PUSHES DRIDEX
- EMAIL HEADER DATA:
- - Date: 2020-10-07
- - From: "Accounts Dept." <noreply@dhl.com>
- - From: UPS Billing Center <Invoice-notification@ups.com>
- - From: Invoice-notification@ups.com <Invoice-notification@ups.com>
- - Subject: DHL Overdue Invoice Notice - 1724080874
- - Subject: UPS Invoice Notification
- - Attachment name: 202117071KA371285.xlsm
- - Attachment name: 2256463051J2547I7.xlsm
- - Attachment name: H321176987270.xlsm
- SHA256 HASHES OF THE ATTACHED SPREADSHEETS:
- - 9bea5cd43e299b1dcf722ab63d3162d0efaa6acd561260c9f5323dbc9ce71383 202117071KA371285.xlsm
- - 0be0253ef0653faeda6da8f44b05e5c63035d1142efd90d63b41568d28458959 2256463051J2547I7.xlsm
- - a86e178e1ff98b684fe5c47d4caa8d98430e8f2a2c7980df9249040d5c68639c H321176987270.xlsm
- URLS GENERATED BY ENABLING MACROS:
- - hxxp://ask-regard.call-save[.]biz/t12r3acb2.jpg
- - hxxps://eae0908.gossnet[.]com/f4o56y9ko.txt
- - hxxps://newmg532.wordswideweb[.]com/osn5u0wii.txt
- SHA256 HASHES OF 2 DLL FILES RETURNED FROM THE ABOVE 3 URLS:
- - 7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e
- - b775a1f8663e7bdeef07cdd7497b91fa82dd7ab1015d138b2aeb8b51e77d3895
- - NOTE 1: Location for both of the above files was: C:\ibQRmAmp\jCYsnVx\DxVmDcR
- - NOTE 2: Run method: "C:\Windows\SysWOW64\regsvr32.exe" -s C:\ibQRmAmp\jCYsnVx\DxVmDcR.