
2017-07-31: GlobeImposter "Scanned Image"

Racco42 Aug 1st, 2017 565 Never
2017-07-31: #GlobeImposter email phishing campaign "Scanned image"
Samples: 443

Email sample:
--------------------------------------------------------------------------------------------------------------------
From: "Marcelo" <Marcelo-57@panjshir.com>
To: [REDACTED]
Subject: Scanned image
Date: Tue, 01 Aug 2017 08:49:00 +0700

Image data in PDF format has been attached to this email.

Attachment: 20170801205148.zip -> 20170801866068.js
--------------------------------------------------------------------------------------------------------------------
- sender is random
- subject is "Scanned image"
- attached file "2017<0731 or 0801><6 digits>.zip" contains file "2017<0731 or 0801><6 digits>.js", a JScript downloader which will download malware from:

Download sites (URL contains suffix ??<random>=<random> which does not influence the download):

Malware (SmokeLoader which will download the GlobeImposter malware):
- SHA256 fbb8676259d0562ce087a1677477b6b2dfbc07432e4269016456701eeabdc455, MD5 6d869b86fea803b79acedeec7d0b0952
- VT: https://www.virustotal.com/en/file/fbb8676259d0562ce087a1677477b6b2dfbc07432e4269016456701eeabdc455/analysis/1501545240/
- HA: https://www.reverse.it/sample/fbb8676259d0562ce087a1677477b6b2dfbc07432e4269016456701eeabdc455?environmentId=100
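
Added example (not part of the original paste): a mail-gateway triage check in Python that flags messages matching the traits listed above, namely the "Scanned image" subject, the "2017<0731 or 0801><6 digits>.zip" attachment name and a matching .js member inside the archive. The function names, trait labels and the sample message built by `build_sample` are constructed for illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Traits from the campaign notes: fixed subject, dated archive and script names.
SUBJECT = "scanned image"
STEM = r"2017(?:0731|0801)\d{6}"
ZIP_RE = re.compile(STEM + r"\.zip", re.I)
JS_RE = re.compile(STEM + r"\.js", re.I)


def triage(raw: bytes) -> list:
    """Return the campaign traits that a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    if (msg["Subject"] or "").strip().lower() == SUBJECT:
        hits.append("subject")
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not ZIP_RE.fullmatch(name):
            continue
        hits.append("zip-name")
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                members = zf.namelist()  # names only; nothing is extracted or run
        except zipfile.BadZipFile:
            hits.append("zip-unreadable")  # malformed archive: keep for manual review
            continue
        if any(JS_RE.fullmatch(m) for m in members):
            hits.append("js-member")
    return hits


def build_sample(subject: str, zip_name: str, member: str) -> bytes:
    """Constructed test message; the archive member holds harmless placeholder text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member, "// placeholder")
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = subject
    msg.set_content("Image data in PDF format has been attached to this email.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename=zip_name)
    return msg.as_bytes()
```

A message that returns all three traits matches the campaign shape closely; the sender address is deliberately not checked because the notes say it is random.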