MalwareBreakdown

06/22/2020: ZLoader Campaign Switches to OSTAP!

Jun 22nd, 2020
https://twitter.com/DynamicAnalysis/status/1275110199754461184

A #malspam campaign that I've been tracking since January 2020, that typically delivers #ZLoader, is now delivering #Ostap!

XLS downloader URLs:
https://thepsaokhue.com/wp-keys.php
https://metagro.com.br/wp-keys.php
https://loughturnperceidrin.ml/wp-keys.php
https://joliroomlides.tk/wp-keys.php

Payload downloaded from:
unencansatecal.ml

C2 (credit to https://twitter.com/James_inthe_box/status/1275112840488075264):
https://194.36.191.113/RA9cbC/tM0LVE.php

XLS sample:
https://app.any.run/tasks/aa0c8899-a534-4882-930e-282b9e889320/

DLL sample:
https://app.any.run/tasks/7173d59a-db8e-43d2-8230-4a247f35758f/