malware_traffic

2020-09-30 - Qakbot malspam example

Sep 30th, 2020
Received: from [212.227.17.13] ([212.227.17.13:41711] helo=mout.kundenserver.de)
by [removed] (envelope-from <legendre@handirect.com>)
(ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384
subject="/C=DE/O=1&1 Internet SE/ST=Rheinland-Pfalz/L=Montabaur/CN=mout.kundenserver.de")
id 78/C3-21529-D1AE47F5; Wed, 30 Sep 2020 16:27:10 -0400
Received: from localhost ([4.35.204.146]) by mrelayeu.kundenserver.de
(mreue109 [212.227.15.184]) with ESMTPA (Nemesis) id 1MYNW8-1jtNs033xq-00VMaP
for <admin@malware-traffic-analysis.net>; Wed, 30 Sep 2020 22:27:08 +0200
From: "[name removed]" <legendre@handirect.com>
Date: Wed, 30 Sep 2020 23:27:07 +0300
To: admin@malware-traffic-analysis.net
Subject: =?UTF-8?B?UmU6IFJlOiBQcm9qZWN0IHN0YXR1cyB1cGRhdGU=?=
MIME-Version: 1.0
X-Mailer: Microsoft Outlook 16.0
Content-Type: multipart/mixed; boundary=0e31d473551c1c25580b50a573e5690e
Message-ID: <1MhUDl-1ktDot1fOd-00eg5o@mrelayeu.kundenserver.de>

--0e31d473551c1c25580b50a573e5690e
Content-Type: text/html; charset=utf-8

<p>Good morning,</p><p>Check the document and let me know what you think about it.</p><p><br />Thanks.</p><br><blockquote type="cite">[email chain removed]


</blockquote>


--0e31d473551c1c25580b50a573e5690e
Content-Type: application/zip
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="=?UTF-8?B?MzE5ODY3OTA5MzYuemlw?="

[information removed, file available at: https://app.any.run/tasks/fd4a4da2-cd02-461f-a852-00431a2f33b0]

--0e31d473551c1c25580b50a573e5690e--