Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- Link in email >
- https://cdn.discordapp[.]com/attachments/496966760109703171/522124738772992000/Po_657.PDF.zip
- MD5 (Po_657.PDF.zip) = 1175e66587f70537411cb5a2c97eaf3b
- MD5 (Po_658.PDF.lnk) = 1ecbe27dace76f164c339c1ebb8f52d3
- MD5 (MSHTAPayload.hta) = 415a4f6978760a23cb88cec0ea282643
- Zip file contains lnk file which calls https://cdn.discordapp.com/attachments/496966760109703171/522099470369030144/MSHTAPayload.hta which contains another script to download payload from https://cdn.discordapp.com/attachments/496966760109703171/522073786409811969/Zaobjjs.exe
- HTA file ran > https://app.any.run/tasks/7dd05536-8a7c-4f35-bf9c-c5733b12ef46
- Payload comes from >
- Dropped executable file
- C:\Users\admin\AppData\Roaming\YVbvCulF.exe : 447b62b3564df405d585b8ed304ab961897c4a0723a5a12fe1dc3f5612b5bfad
- C:\Users\admin\AppData\Local\Temp\RarSFX0\Xmsiyyks.exe : 6f1a900d364dbb3d1ccf1c31d19ad49c38b4ec7c6b3f118c246b014104c33adf
- http://gracebytry.tk/Panel/five/fre.php
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
