- Fake "Life Insurance Invoice" delivers Ursnif Banking Trojan Malware
- Indicators of Compromise
  - Infection URL: hxxp://nth-gen.co.uk/AA%20Insurance%20Invoice.zip
  - Infection URL Domain: nth-gen[.]co[.]uk
  - Infection URL IP: 46.249.205.43
  - Malicious File
    - File name: AA Insurance Invoice.zip
    - MD5: b85fddb1c4b9035138cd30d31c180faf
    - SHA256: ed4007797c15d89bca7fe4ad0411807fb1d075917f01f410f8a78648bf1a04f9
    - File size: 1062 KB
  - Malicious File
    - File name: AA Insurance Invoice.lnk
    - MD5: e0ae52a6ecdb252238e1b45fe2dede90
    - SHA256: cb6bf2ca33d4ede5fa287c432de640be75a2776947c0f402ced831a369421c6a
    - File size: 3 KB
  - Malicious File
    - File name: Chaturnabte.exe
    - MD5: b42647f81a72c47095d3b9a3bb45fc2d
    - SHA256: 01b2e72a6ca18b91a382a67099d61045e167f24da53470478110ade44180186e
    - File size: 196 KB
  - Payload URL: http://katherineroper[.]co[.]uk/newsite/PACHANGAITV[.]exe
  - Payload URL Domain: katherineroper[.]co[.]uk
  - Payload URL IP: 89.145.69.72
  - Command & Control URL:
    - hxxp://86.105.18.64:443
    - hxxp://89.105.194.234:443
  - Command & Control URL IP:
    - 86.105.18[.]64
    - 89.105.194[.]234