- 2018-01-26 CVE-2018-0802 / 2017-11882 MALSPAM
- MALDOC:
- PO8722092.rtf
- e71178c78b02f5fd8e9f55353016a7b6
- 337d9bb0cebff4260ea465ca66af7c1b17e410752987bb1b60251261a2225102
- EMBEDDED PE:
- d2f8f55caab80c04f13cd2057cba21b0
- f5b5c2636f19cf6ae2133baef6e30de746a3ac632255af8db37c51686f74935d
- HTTP REQUEST OBSERVED:
- hxxp://bijou-cinemas.com/USSSSS.exe
- USER AGENT:
- User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
- PAYLOAD:
- USSSSS.exe
- 5e0d549810b21b9d65477399fe1ed0d5
- 4a9b39ed1513c7baba04b3139883d010548df4a23fc0457e853d013b2e8161f7
- C2:
- 185.171.25.3:1406
- NOTE:
- Triggers sig for possible NetWire RAT client heartbeat
- REFS:
- -RTF
- https://www.hybrid-analysis.com/sample/337d9bb0cebff4260ea465ca66af7c1b17e410752987bb1b60251261a2225102?environmentId=100
- -DROPPER
- https://www.virustotal.com/#/file/f5b5c2636f19cf6ae2133baef6e30de746a3ac632255af8db37c51686f74935d/detection
- -PAYLOAD
- https://www.hybrid-analysis.com/sample/4a9b39ed1513c7baba04b3139883d010548df4a23fc0457e853d013b2e8161f7?environmentId=100