ExecuteMalware

2020-07-28 Remcos IOCs

Jul 28th, 2020
THREAT ATTRIBUTION: REMCOS RAT

SUBJECTS OBSERVED
Separate Remittance Advice: paper document number - 9604163

SENDERS OBSERVED
BB&T EFT <alert@message-bbt[.]com>

EMAIL BODY
Payment Remittance Advice
July 28, 2020

An electronic payment has been remitted to you. Please find attached your remittance and invoice details.

From Payer
BB & T Electronic Payments
Trading Partner
To Payee ID
6M8966578E033193B

Bank Name
BB & T.. ...

Bank No.
111017694

Branch No.
111017694

Bank BIC Code
XXXXXXXXX33

Bank Account
XXXXXXXXXXX

IBAN

Payment Reference Number
74492322
Paper Document Number
9604163
Payment Date
July 28, 2020
Payment Currency
USD
Payment Amount
Payment Method
20,731.53
EFT

Branch Banking and Trust Company; Member FDIC.
BB&T, 200 West Second Street, PO Box 1250, Winston Salem, NC 27101-1250.
Copyright © 2020, Branch Banking and Trust Company. All rights reserved.

This message and any attachments are solely for the intended recipient and may contain confidential or privileged information. If you are not the intended recipient, any disclosure, copying, use, or distribution of the information included in this message and any attachments is prohibited. If you have received this communication in error, please notify us by reply e-mail and immediately and permanently delete this message and any attachments.

MALDOC FILE HASHES
ManagementBoard[.]vbs
4027246affd19bec5c03fd5af10218e4

Payment Advice[.]xlsm
e0c41f793cfb01ddece1701634a64cf3

Image02[.]jpg
deafaf17ddde7cb2cde1bd8d6145802c

Image03[.]jpg
bbeaffbdc3c48b84622a1b5de44240a2

PAYLOAD URL
hxxp://plaitt[.]com/Regional/ManagementBoard[.]vbs
hxxp://plaitt[.]com/Images/Image02[.]jpg
hxxp://plaitt[.]com/Images/Image03[.]jpg

REMCOS C2
79[.]134[.]225[.]32:8950

SUPPORTING EVIDENCE
https://app.any.run/tasks/1bc823c2-5852-41d3-b745-9eb26008de1b/