malware_traffic

2020-10-07 (Wednesday) - Malspam with XLSX attachments pushes Dridex

Oct 7th, 2020
2020-10-07 (WEDNESDAY) - MALSPAM WITH XLSX ATTACHMENTS PUSHES DRIDEX

EMAIL HEADER DATA:

- Date: 2020-10-07

- From: "Accounts Dept." <noreply@dhl.com>
- From: UPS Billing Center <Invoice-notification@ups.com>
- From: Invoice-notification@ups.com <Invoice-notification@ups.com>

- Subject: DHL Overdue Invoice Notice - 1724080874
- Subject: UPS Invoice Notification

- Attachment name: 202117071KA371285.xlsm
- Attachment name: 2256463051J2547I7.xlsm
- Attachment name: H321176987270.xlsm

SHA256 HASHES OF THE ATTACHED SPREADSHEETS:

- 9bea5cd43e299b1dcf722ab63d3162d0efaa6acd561260c9f5323dbc9ce71383 202117071KA371285.xlsm
- 0be0253ef0653faeda6da8f44b05e5c63035d1142efd90d63b41568d28458959 2256463051J2547I7.xlsm
- a86e178e1ff98b684fe5c47d4caa8d98430e8f2a2c7980df9249040d5c68639c H321176987270.xlsm

URLS GENERATED BY ENABLING MACROS:

- hxxp://ask-regard.call-save[.]biz/t12r3acb2.jpg
- hxxps://eae0908.gossnet[.]com/f4o56y9ko.txt
- hxxps://newmg532.wordswideweb[.]com/osn5u0wii.txt

SHA256 HASHES OF 2 DLL FILES RETURNED FROM THE ABOVE 3 URLS:

- 7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e
- b775a1f8663e7bdeef07cdd7497b91fa82dd7ab1015d138b2aeb8b51e77d3895

- NOTE 1: Location for both of the above files was: C:\ibQRmAmp\jCYsnVx\DxVmDcR
- NOTE 2: Run method: "C:\Windows\SysWOW64\regsvr32.exe" -s C:\ibQRmAmp\jCYsnVx\DxVmDcR.
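The defanged indicators and the NOTE 2 run method above, turned into a small hunting and detection script. This is an added example and not part of the original paste: the URL and hash values are copied from the list above, the process-creation records are constructed in the shape of Sysmon Event ID 1 (the Excel parent of the regsvr32 launch is an assumption, the paste does not state it), and the trusted-path prefixes and Office parent list are assumptions of the script, not something the paste establishes.

```python
"""Added example, not code from the original paste: refang the listed IOCs into
a hunting list and check constructed Sysmon-style process-creation records for
the regsvr32 run method described in NOTE 2."""
import re
import shlex
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlparse

# IOC values copied from the paste, in their published (defanged) form.
DEFANGED_URLS = [
    "hxxp://ask-regard.call-save[.]biz/t12r3acb2.jpg",
    "hxxps://eae0908.gossnet[.]com/f4o56y9ko.txt",
    "hxxps://newmg532.wordswideweb[.]com/osn5u0wii.txt",
]
ATTACHMENT_SHA256 = {
    "9bea5cd43e299b1dcf722ab63d3162d0efaa6acd561260c9f5323dbc9ce71383": "202117071KA371285.xlsm",
    "0be0253ef0653faeda6da8f44b05e5c63035d1142efd90d63b41568d28458959": "2256463051J2547I7.xlsm",
    "a86e178e1ff98b684fe5c47d4caa8d98430e8f2a2c7980df9249040d5c68639c": "H321176987270.xlsm",
}
DLL_SHA256 = [
    "7f9d34e81d9dbaadf5253b219f04a1702226072884521a8e12e8c99c49fe198e",
    "b775a1f8663e7bdeef07cdd7497b91fa82dd7ab1015d138b2aeb8b51e77d3895",
]


def refang(indicator: str) -> str:
    """Undo the hxxp / [.] defanging used in the paste so a value can be fed to
    a blocklist or sandbox. Only those two conventions are handled."""
    return re.sub(r"(?i)^hxxp", "http", indicator).replace("[.]", ".")


def hunting_hosts(defanged_urls: List[str]) -> List[str]:
    """Distinct hostnames from the refanged URLs, in order of first appearance."""
    hosts: List[str] = []
    for url in defanged_urls:
        host = urlparse(refang(url)).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def valid_sha256(value: str) -> bool:
    """Catch copy errors before a hash goes into a blocklist."""
    return re.fullmatch(r"[0-9a-f]{64}", value.lower()) is not None


# Detection side. Assumptions of this example, not stated in the paste: a silent
# regsvr32 registration is ordinarily expected under these prefixes, and an
# Office parent process is an extra signal worth recording.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
OFFICE_PARENTS = {"excel.exe", "winword.exe", "powerpnt.exe"}


@dataclass
class ProcEvent:
    image: str          # Sysmon Event ID 1 "Image"
    command_line: str   # Sysmon Event ID 1 "CommandLine"
    parent_image: str   # Sysmon Event ID 1 "ParentImage"


def regsvr32_target(command_line: str) -> Tuple[bool, Optional[str]]:
    """Return (silent flag present, file argument) for a regsvr32 command line.
    shlex in non-POSIX mode keeps backslashes; surrounding quotes are stripped."""
    tokens = [t.strip('"') for t in shlex.split(command_line, posix=False)]
    silent = any(t.lower() in ("-s", "/s") for t in tokens[1:])
    files = [t for t in tokens[1:] if not t.startswith(("-", "/"))]
    return silent, (files[-1] if files else None)


def regsvr32_findings(ev: ProcEvent) -> List[str]:
    """Findings for regsvr32.exe silently loading a file outside the trusted
    prefixes, the shape of the run method in NOTE 2. Empty list means benign."""
    if not ev.image.lower().endswith("\\regsvr32.exe"):
        return []
    silent, target = regsvr32_target(ev.command_line)
    if not silent or target is None or target.lower().startswith(TRUSTED_PREFIXES):
        return []
    findings = [f"silent regsvr32 load from untrusted path: {target}"]
    if not target.lower().endswith(".dll"):
        findings.append("loaded file has no .dll extension")
    if ev.parent_image.lower().rsplit("\\", 1)[-1] in OFFICE_PARENTS:
        findings.append(f"spawned by Office process: {ev.parent_image}")
    return findings


# Constructed sample records, not taken from the paste's traffic. The first
# mirrors NOTE 2; its Excel parent is assumed, since the paste does not give it.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\SysWOW64\regsvr32.exe",
              r'"C:\Windows\SysWOW64\regsvr32.exe" -s C:\ibQRmAmp\jCYsnVx\DxVmDcR',
              r"C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE"),
    ProcEvent(r"C:\Windows\System32\regsvr32.exe",
              r'regsvr32.exe /s "C:\Program Files\Vendor\vendorshell.dll"',
              r"C:\Windows\System32\msiexec.exe"),
    ProcEvent(r"C:\Windows\System32\cmd.exe", "cmd.exe /c whoami",
              r"C:\Windows\explorer.exe"),
]

if __name__ == "__main__":
    print("hosts to hunt:", hunting_hosts(DEFANGED_URLS))
    print("hashes well-formed:", all(valid_sha256(h) for h in [*ATTACHMENT_SHA256, *DLL_SHA256]))
    for ev in SAMPLE_EVENTS:
        for finding in regsvr32_findings(ev):
            print(f"[!] {ev.image}: {finding}")
```

The path check is deliberately narrow: a vendor installer registering a DLL under Program Files with /s is the common benign case, so the rule keys on the silent flag plus an untrusted directory and reports the missing .dll extension and the Office parent as supporting findings rather than as the trigger.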