VRad

#formbook_220419

May 9th, 2019
#IOC #OptiData #VR #formbook #RAR #EXE

https://pastebin.com/1FMBBK3N

previous_contact:
26/02/19 https://pastebin.com/yLu1cL9K
15/11/18 https://pastebin.com/VFG89LnT
14/11/18 https://pastebin.com/D6VPDyyz

FAQ:

attack_vector
--------------
email attach .RAR > .EXE

email_headers
--------------
n/a

files
--------------
SHA-256 fadf0395c50287c0981c0ba6a5dd94df18d574489760811484f79b678f62dadb
File name PO19040302.rar [RAR archive data, v2e,]
File size 259.53 KB (265759 bytes)

SHA-256 03b325328922fd983ab4e2e8de3780c7b7711a14043103cc2d461e378638d640
File name PO19040302.exe [PE32 executable (GUI) Intel 80386, for MS Windows]
File size 552 KB (565248 bytes)

activity
**************

netwrk
--------------
192.252.146.28 efficientmechanical{.} com GET /su/?GT=iAQ...==&zl3D=Ul9L HTTP/1.1 Continuation noUA
184.168.221.96 istdama{.} com GET /su/?GT=+q5...==&zl3D=Ul9L&sql=1 HTTP/1.1 Continuation noUA
184.168.221.96 istdama{.} com POST /su/ HTTP/1.1 Mozilla/4.0
217.70.184.50 thecrudeco{.} com GET /su/?GT=SsW...==&zl3D=Ul9L&sql=1 HTTP/1.1 Continuation noUA
217.70.184.50 thecrudeco{.} com POST /su/ HTTP/1.1 Mozilla/4.0

comp
--------------
explorer.exe 2045 TCP localhost 40321 192.252.146.28 80 ESTABLISHED
explorer.exe 2045 TCP localhost 40376 184.168.221.96 80 ESTABLISHED
explorer.exe 2045 TCP localhost 40387 217.70.184.50 80 ESTABLISHED

proc
--------------
C:\Users\operator\Desktop\PO19040302.exe
C:\Users\operator\Desktop\PO19040302.exe
C:\Windows\System32\netsh.exe
C:\Windows\System32\cmd.exe /c del "C:\Users\operator\Desktop\PO19040302.exe"
C:\Program Files\Mozilla Firefox\Firefox.exe
C:\Program Files\Yv4bdn\pr6hzlkspx.exe
C:\Program Files\Yv4bdn\pr6hzlkspx.exe
C:\Windows\System32\netsh.exe
C:\Windows\system32\DllHost.exe /Processid:{3AD05575-8857-4850-9277-11B85BDB8E09}

persist
--------------
n/a

drop
--------------
C:\Program Files\Yv4bdn\pr6hzlkspx.exe

# # #
https://www.virustotal.com/gui/file/fadf0395c50287c0981c0ba6a5dd94df18d574489760811484f79b678f62dadb/details
https://www.virustotal.com/gui/file/03b325328922fd983ab4e2e8de3780c7b7711a14043103cc2d461e378638d640/details
https://analyze.intezer.com/#/analyses/dc1d2f98-3f81-4512-ac65-e38538335821

VR