- 2017-09-26: #locky email phishing campaign "Invoice PISNNNNNNN"
- Email sample:
- ------------------------------------------------------------------------------------------------------------------
- From: AutoPosted PI Notifier <NoReplyMailbox@tpabc.com>
- To: [REDACTED]
- Date: Tue, 26 Sep 2017 13:38:30 -0200
- Subject: Invoice PIS3045283
- Attachment: InvoicePIS3045283.7z -> PIS7972654.vbs
- ------------------------------------------------------------------------------------------------------------------
- - sender address is forged to look like "AutoPosted PI Notifier" <NoReplyMailbox@[Random domain]>
- - Subject is "Invoice PIS<7 digits>"
- - body of the email is empty
- - attached file "InvoicePIS<7 digits>.7z" contains file "PIS<7 digits>.vbs", a VBScript downloader which will download malware from
- Download sites:
- Malware
- - locky, offline .ykcol variant
- - VT: https://www.virustotal.com/en/file/ebc06b56785f32b5d80bab14ed518e3d6e189c925f6d54dc7805fc7e867a1273/analysis/1506495287/
- - HA: https://www.hybrid-analysis.com/sample/ebc06b56785f32b5d80bab14ed518e3d6e189c925f6d54dc7805fc7e867a1273?environmentId=100
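A mail-gateway style check for the message traits listed above (display name, subject pattern, attachment name, empty body), as an added example that is not part of the original paste. The function names, the addresses under .example and the placeholder attachment bytes are constructed for illustration; the archive is not opened, so the inner "PIS<7 digits>.vbs" name is not checked.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Patterns taken from the traits described in the paste.
SUBJECT_RE = re.compile(r"^Invoice PIS\d{7}$")
ATTACH_RE = re.compile(r"^InvoicePIS\d{7}\.7z$", re.IGNORECASE)
DISPLAY_NAME = "AutoPosted PI Notifier"

def match_indicators(raw: bytes) -> list[str]:
    """Return the names of the campaign traits found in one raw message."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    name, _addr = parseaddr(str(msg.get("From", "")))
    if name == DISPLAY_NAME:            # domain is random, so only the name is stable
        hits.append("display_name")
    if SUBJECT_RE.match(str(msg.get("Subject", "")).strip()):
        hits.append("subject")
    names = [part.get_filename() or "" for part in msg.iter_attachments()]
    if any(ATTACH_RE.match(n) for n in names):
        hits.append("attachment_name")
    body = msg.get_body(preferencelist=("plain", "html"))
    if body is None or not body.get_content().strip():
        hits.append("empty_body")
    return hits

def is_campaign_match(raw: bytes, threshold: int = 3) -> bool:
    """Flag a message when at least `threshold` traits agree (assumed cut-off)."""
    return len(match_indicators(raw)) >= threshold

def build_sample(display: str, subject: str, filename: str, body: str = "") -> bytes:
    """Build a constructed test message; the attachment holds placeholder bytes."""
    m = EmailMessage()
    m["From"] = f"{display} <NoReplyMailbox@sender.example>"
    m["To"] = "user@recipient.example"
    m["Subject"] = subject
    if body:
        m.set_content(body)
    m.add_attachment(b"constructed placeholder, not a real archive",
                     maintype="application", subtype="x-7z-compressed",
                     filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    lure = build_sample(DISPLAY_NAME, "Invoice PIS3045283", "InvoicePIS3045283.7z")
    print(match_indicators(lure), is_campaign_match(lure))
```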