API tools faq
paste
Advertisement
ExecuteMalware

2021-03-19 BazarCall IOCs

ExecuteMalware
Mar 19th, 2021
3,921
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.07 KB | None | 0 0
raw download clone embed print report
  1. THREAT IDENTIFICATION: BAZARCALL
  2.  
  3. SENDER EMAILS
  4. info@icartservice.net
  5. helpdesk@rr.unicornfacial.com
  6.  
  7. SUBJECTS
  8. Want to extend your free trial KRM50267720B?
  9. Want to extend your free trial RMN57030360?
  10. Want to extend your free trial RMN75256851?
  11. Your free trial KRM92920945 is about to end!
  12. Your free trial RMN19210127 has come to end!
  13.  
  14. LURE PHONE NUMBER
  15. 1 (213) 261 0445
  16.  
  17. MALDOC DOWNLOAD URLS
  18. https://icartservice.net/unsubscribe.html
  19. https://imedservice.net/unsubscribe.html
  20.  
  21. MALDOC FILE HASHES
  22. subscription_1616187055.xlsb
  23. 7867ebc2414ca337b6a8213031e0c422
  24.  
  25. subscription_1616191079.xlsb
  26. a21b2b890883d7f4219c98a5b7f25984
  27.  
  28. subscription_1616187039.xlsb
  29. d17e780a23c19a5ce5c2a0d4abc19b55
  30.  
  31. subscription_1616191046.xlsb
  32. e91481deccd1adac7a7587ebaaa76d3c
  33.  
  34. subscription_1616187823.xlsb
  35. ff2b34767ab01242968b759d3b93161a
  36.  
  37. PAYLOAD DOWNLOAD URL
  38. First is a POST to:
  39. http://call2.xyz/campo/j1/j1
  40.  
  41. Then:
  42. http://call2.xyz/uploads/files/ss.exe
  43.  
  44. PAYLOAD FILE HASH
  45. ss.exe
  46. 91ee2afefdf066eae3aead061a8075ed
  47.  
  48. Renamed to:
  49. klga.exe
  50. 91ee2afefdf066eae3aead061a8075ed
  51.  
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!