SHARE
TWEET

2019-05-28 - EXAMPLE OF EMOTET MALSPAM (2 OF 2)

malware_traffic May 29th, 2019 (edited) 1,154 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. X-Originating-Ip: [203.76.156.98]
  2. Authentication-Results: [removed]; iprev=pass policy.iprev="203.76.156.98"; spf=pass smtp.mailfrom="maintenance@bfcc-bd.com" smtp.helo="mail.bfcc-bd.com"; dkim=none (message not signed) header.d=none; dmarc=none (p=nil; dis=none) header.from=bfcc-bd.com
  3. Received: from [203.76.156.98] ([203.76.156.98:37688] helo=mail.bfcc-bd.com)
  4.     by [removed] (envelope-from <maintenance@bfcc-bd.com>) [removed];
  5.     Tue, 28 May 2019 18:21:56 -0400
  6. Received: from [156.3.159.118] (unknown [156.3.159.118])
  7.     (Authenticated sender: maintenance)
  8.     by mail.bfcc-bd.com (Postfix) with ESMTPSA id C2880845E8D0
  9.     for <admin@malware-traffic-analysis.net>; Wed, 29 May 2019 04:18:48 +0600 (+06)
  10. Message-ID: <97.76.03198.184BDEC5@[removed]>
  11. Date: Tue, 28 May 2019 15:23:41 -0800
  12. From: "Steve Wolfram <steven.wolfram26@gmail.com>" <maintenance@bfcc-bd.com>
  13. To: <admin@malware-traffic-analysis.net>
  14. Subject: RE: Steve Wolfram Payment Remittance Advice
  15. MIME-Version: 1.0
  16. Content-Type: multipart/mixed; boundary="----=_Part_57010_3580304091.1569673023206442300"
  17.  
  18. ------=_Part_57010_3580304091.1569673023206442300
  19. Content-Type: text/plain; charset=UTF-8
  20. Content-Transfer-Encoding: quoted-printable
  21.  
  22. Hello, please find attached remittance advice for our recent payment to you=
  23. =20
  24.  
  25. If you have questions on this please contact Steve Wolfram for more informa=
  26. tion.
  27.  
  28. Sincerely,
  29.  
  30. Steve Wolfram
  31. ------=_Part_57010_3580304091.1569673023206442300
  32. Content-Type: application/msword; name="ATTACHMENTS-53-B7738802.doc"
  33. Content-Transfer-Encoding: base64
  34. Content-Disposition: attachment; filename="ATTACHMENTS-53-B7738802.doc"
  35.  
  36. [data removed, SHA256 file hash: 30730c4501cba5a83ed21d03805a2f6d02e970b3f4016fc045ff776c3cb98b64, available at: https://app.any.run/tasks/cc46f7ab-f3e0-4580-ab29-bdc6d63636ee]
  37.  
  38. ------=_Part_57010_3580304091.1569673023206442300--
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!
 
Top