Racco42

2017-09-19 Locky "Emailing - 1000800NNNN"

Sep 19th, 2017
2017-09-19: #locky email phishing campaign "Emailing - 1000800NNNN"

Email sample:
--------------------------------------------------------------------------------------------------------------
From: "Mckenna, Cassandra" <Cassandra.Mckenna@d[REDACTED]>
To: [REDACTED]
Subject: Emailing - 10008000036
Date: Tue, 19 Sep 2017 22:37:29 +0300

*** This email, and any attachments, is strictly confidential and may be le=ally privileged. It is intended only for the addressee. If you are not the=intended recipient, any disclosure, copying, distribution or other use of =his communication is strictly prohibited. If you have received this message in error, please contact the sender. Any=request for disclosure of this document under the Data Protection Act 1998=or Freedom of Information Act 2000 should be referred to the sender. [disc=aimer id: HCCStdDisclaimerExt] ***

Attachment: 10008000036.7z
--------------------------------------------------------------------------------------------------------------
- sender address is forged to be from the recipient's own domain
- subject is "Emailing - 1000800<4 digits>"
- attached file "1000800<4 digits>.7z" contains file "1000800<4 digits>.vbs", a VBScript downloader

Download sites:

Malware:
- Locky, .ykcol offline variant
- SHA256: 942e275de833c747d0f8a5ebe519c62157c1136cbf467d079d7f84890018aa84, MD5: ee8bbd4ec4f19684f279054448a27601
- VT: https://www.virustotal.com/en/file/942e275de833c747d0f8a5ebe519c62157c1136cbf467d079d7f84890018aa84/analysis/1505854472/
- HA: https://www.reverse.it/sample/942e275de833c747d0f8a5ebe519c62157c1136cbf467d079d7f84890018aa84?environmentId=100
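
Added example, not part of the original paste: a Python mail-filter check for the three traits listed above (subject pattern, attachment name pattern, sender domain equal to recipient domain), run over constructed messages. The function names, the `example.org` addresses and the rule that subject and attachment must both match are assumptions made for this example.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns taken from the traits listed in the paste.
SUBJECT_RE = re.compile(r"^Emailing - 1000800\d{4}$")
ATTACH_RE = re.compile(r"^1000800\d{4}\.7z$", re.IGNORECASE)

def _domain(header_value):
    """Lower-cased domain of the first address in a From/To header."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def campaign_traits(raw_message):
    """Return the set of campaign traits present in one raw message."""
    msg = message_from_string(raw_message)
    traits = set()
    if SUBJECT_RE.match((msg["Subject"] or "").strip()):
        traits.add("subject")
    for part in msg.walk():
        name = part.get_filename()
        if name and ATTACH_RE.match(name.strip()):
            traits.add("attachment")
    sender, rcpt = _domain(msg["From"]), _domain(msg["To"])
    if sender and sender == rcpt:
        traits.add("same_domain")  # normal for internal mail, so weak alone
    return traits

def is_suspect(raw_message):
    """Assumed rule: flag when subject and attachment-name patterns both match."""
    return {"subject", "attachment"} <= campaign_traits(raw_message)

def _build(sender, rcpt, subject, filename):
    """Constructed test message; the attachment body is a dummy byte string."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, rcpt, subject
    m.set_content("constructed body")
    m.add_attachment(b"dummy", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_string()

# Constructed samples (example.org is a placeholder domain).
PHISH = _build("a.sender@example.org", "user@example.org",
               "Emailing - 10008000036", "10008000036.7z")
INTERNAL = _build("colleague@example.org", "user@example.org",
                  "Emailing - minutes", "minutes.7z")

if __name__ == "__main__":
    for label, raw in (("PHISH", PHISH), ("INTERNAL", INTERNAL)):
        print(label, sorted(campaign_traits(raw)), is_suspect(raw))
```

The same-domain trait is reported but not required, since ordinary internal mail also has it.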