API tools faq
paste
ExecuteMalware

2021-06-10 BazarCall IOCs

ExecuteMalware
Jun 11th, 2021
19,847
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 0.93 KB | None | 0 0
raw download clone embed print report
  1. THREAT ATTRIBUTION: BAZARCALL / BAZARLOADER
  2.  
  3. SENDERS OBSERVED
  4. [email protected]
  5. [email protected]
  6. [email protected]
  7.  
  8. SUBJECTS OBSERVED
  9. You'll be moved to our premium! Your number is VCP6#############.
  10. Your free period is nearly ended. Your account no VCP6#############. Ready to continue?
  11. Your premium demo is almost over. Your members account no VCP6#############. All set to move forward?
  12.  
  13. LURE PHONE NUMBER
  14. +1 213 401 2706
  15.  
  16. MALDOC LANDING PAGE URLS
  17. https://zonerphoto.us
  18. https://vcophoto.us
  19.  
  20. MALDOC DOWNLOAD URLS
  21. https://zonerphoto.us/cancel.php
  22.  
  23. MALDOC (XLSB) FILE HASHES
  24. cancel_sub_VCP6#############.xlsb
  25. 1760b30f6ed514aa313b0acaa5c842db
  26.  
  27. BAZARLOADER PAYLOAD DOWNLOAD URLs
  28. First call is to:
  29. http://195.123.235.51
  30.  
  31. which does a 302 redirect to:
  32. http://pshe0pxe339.xyz/xe1t23ym0s.php
  33.  
  34. BAZARLOADER FILE HASHES
  35. TTObk2.dll
  36. f51f8a949542f723efe21d2a7bc70a55
  37.  
  38. BAZARLOADER C2
  39. https://54.153.8.158/api/info/send
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!