- 2017-10-04: #locky email phishing campaign "Copy of invoice ANNNNNNNNNN. Please find your invoice attached."
- Email sample:
- -----------------------------------------------------------------------------------------------------------------
- From: online@screwfix.com
- To: [REDACTED]
- Subject: Copy of invoice A3229365915. Please find your invoice attached.
- Date: Wed, 04 Oct 2017 14:38:16 +0530
- Dear customer
- Thank you for shopping with Electricfix. A copy of your invoice is
- attached. If your invoice is not attached please email
- invoice@electricfix.com.
- Order number: A3229365915
- Forward planning:
- While we try our hardest to get your products to you in time and in
- perfect condition, we suggest that you don’t schedule any
- installation work until a few days after the expected delivery date,
- just in case you need to resolve any technical questions or order
- additional fittings if necessary.
- Disclaimer:
- This e-mail and any attachments are confidential. If you are not the
- intended recipient, please contact us immediately on 03330 112 333
- (mobile friendly) and inform the sender. Please then delete the e-mail
- and do not disclose the contents to anyone.
- Although we do scan outgoing e-mails for viruses, it is possible that
- a virus may have become attached and it is your responsibility to scan
- incoming e-mails.
- Contact Us:
- Telephone: 03330 112 333 (mobile friendly) UK based contact centre
- Email: online@Electricfix.com
- Address: Screwfix Direct Ltd, Trade House, Mead Avenue, Yeovil, BA22
- 8RT
- Company Registration No 03006378 VAT No 232 5555 75
- Attachment: InvoiceA3229365915.7z -> Invoice415336724312713286955666.vbs
- -----------------------------------------------------------------------------------------------------------------
- - sender is "online@screwfix.com"
- - subject is "Copy of invoice A<10 digits>. Please find your invoice attached."
- - attached file "InvoiceA<10 digits>.7z" contains file "Invoice<24 digits>.vbs", a VBScript downloader which will download malware from:
- Download sites:
- Updated:
- http://hwayou.com.tw/8etyfh3ni
- http://rocknsoulamerica.com/8etyfh3ni
- http://securmailbox.it/8etyfh3ni
- Malware:
- - Locky ransomware, offline ykcol version
- - SHA256: 7c88ec63f7ca11a22add9f77f47f7ac8f71e930b3dd24422940c28cc8fd22ac2, MD5: 3ba59430e3a75cf5c6ec1b7fcc5dfe33
- - VT: https://www.virustotal.com/file/7c88ec63f7ca11a22add9f77f47f7ac8f71e930b3dd24422940c28cc8fd22ac2/analysis/1507108536/
- - HA: https://www.reverse.it/sample/7c88ec63f7ca11a22add9f77f47f7ac8f71e930b3dd24422940c28cc8fd22ac2?environmentId=100
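Added example (not part of the original paste): a mail-filter check for the sender, subject and attachment-name patterns listed above. The function names, the `archive_members` parameter and the sample messages are assumptions made for illustration; the order-number comparison reflects what the one sample email above shows.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns taken from the campaign description in this paste.
SENDER = "online@screwfix.com"
SUBJECT_RE = re.compile(
    r"^Copy of invoice (A\d{10})\. Please find your invoice attached\.$")
ARCHIVE_RE = re.compile(r"^Invoice(A\d{10})\.7z$")
SCRIPT_RE = re.compile(r"^Invoice\d{24}\.vbs$")

def match_campaign(raw_message, archive_members=()):
    """Return the campaign traits found in one raw RFC 5322 message.

    archive_members (assumption): inner file names reported by whatever
    gateway or sandbox unpacks the .7z; the standard library cannot.
    """
    msg = message_from_string(raw_message)
    hits = []
    if parseaddr(msg.get("From", ""))[1].lower() == SENDER:
        hits.append("sender")
    # Collapse folded header whitespace before matching the subject.
    subject = SUBJECT_RE.match(" ".join(msg.get("Subject", "").split()))
    if subject:
        hits.append("subject")
    for part in msg.walk():
        name = part.get_filename()
        archive = ARCHIVE_RE.match(name) if name else None
        if archive:
            hits.append("archive_name")
            # In the sample, subject and archive carry the same order number.
            if subject and archive.group(1) == subject.group(1):
                hits.append("order_number_reused")
    if any(SCRIPT_RE.match(m) for m in archive_members):
        hits.append("vbs_in_archive")
    return hits

def build_sample(sender, subject, attachment):
    """Constructed test message; body and attachment bytes are placeholders."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.com", subject
    m.set_content("Dear customer")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=attachment)
    return m.as_string()
```

Any single trait is weak on its own, since the sender address is forged from a real retailer; score on the combination.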