API tools faq
paste
Advertisement
Racco42

2017-10-11 Locky & Trickbot "Emailing xxxx"

Racco42
Oct 11th, 2017
2,074
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.85 KB | None | 0 0
raw download clone embed print report
  1. 2017-10-11: #locky & #trickbot email phishing campaign "Emailing: xxxxxxxx"
  2.  
  3. Email sample:
  4. ------------------------------------------------------------------------------------------------------------------------------
  5. From: "Elma" <Elma.Sturrock@primaaccounting.co.uk>
  6. To: [REDACTED]
  7. Subject: Emailing: 28294013
  8. Date: Wed, 11 Oct 2017 11:33:52 -0600
  9.  
  10. Your message is ready to be sent with the following file or link
  11. attachments:
  12.  
  13. 28294013
  14.  
  15. Note: To protect against computer viruses, e-mail programs may prevent
  16. sending or receiving certain types of file attachments. Check your e-mail
  17. security settings to determine how attachments are handled.
  18.  
  19. Attachment: 28294013.7z -> 409112229.vbs
  20. ------------------------------------------------------------------------------------------------------------------------------
  21. - subject is "Emailing: <8-9 digits>"
  22. - attached file "<8-9 digits>.7z" contains file "<8-9 digits>.vbs", a VBScript downloader, which will for UK, AU, LU, BE and IE download Trickbot and for other countries Locky malware from the following links:
  23.  
  24. Trickbot download sites:
  25. http://agriturismoviridarium.it/6jbgcfwe3
  26. http://enixgaming.de/6jbgcfwe3
  27. http://enmee.net/6jbgcfwe3
  28. http://fetchstats.net/p66/6jbgcfwe3
  29. http://fls-portal.co.uk/6jbgcfwe3
  30. http://jeangurunlian.com/6jbgcfwe3
  31. http://peopleiknow.org/6jbgcfwe3
  32. http://petrochemus.com/6jbgcfwe3
  33. http://sci-eye.com/6jbgcfwe3
  34. http://secundaria50.edu.mx/6jbgcfwe3
  35. http://stemcellenhancementresearch.com/6jbgcfwe3
  36.  
  37. Locky download sites:
  38. http://alexandradickman.com/cunrb78f
  39. http://arkberg-design.fi/cunrb78f
  40. http://basedow-bilder.de/cunrb78f
  41. http://centralbaptistchurchnj.org/cunrb78f
  42. http://download.justowin.it/cunrb78f
  43. http://fetchstats.net/p66/cunrb78f
  44. http://hair-select.jp/cunrb78f
  45. http://itsmaterial.us/cunrb78f
  46. http://lacosturera.es/cunrb78f
  47. http://missiegeslaagd.nl/cunrb78f
  48. http://motifahsap.com/cunrb78f
  49. http://pacalik.net/cunrb78f
  50. http://ryanbaptistchurch.com/cunrb78f
  51. http://sambad.com.np/cunrb78f
  52. http://sgtenterprises.com/cunrb78f
  53. http://shamanic-extracts.biz/cunrb78f
  54. http://signlight.com.au/cunrb78f
  55.  
  56. - trickbot
  57. - SHA256: 79a40ac47ea2b57727437a7a9365e860cc1fa1c7c96900f5a2a90133959c4694, MD5: e3d2e5e74874fd8b59ddef544f7e4851
  58. - VT: https://www.virustotal.com/en/file/79a40ac47ea2b57727437a7a9365e860cc1fa1c7c96900f5a2a90133959c4694/analysis/1507746825/
  59. - HA: https://www.reverse.it/sample/79a40ac47ea2b57727437a7a9365e860cc1fa1c7c96900f5a2a90133959c4694?environmentId=100
  60.  
  61. - locky ransomware, offline asasin variant
  62. - SHA256: 1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6, MD5: c77d1c0c0ecd0b2f81f2bcf89fb07279
  63. - VT: https://www.virustotal.com/en/file/1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6/analysis/1507743328/
  64. - HA: https://www.reverse.it/sample/1d4a3957a4f4d83f1edffcb0b596e04d98c82f801ae4b23208a34076203f42f6?environmentId=100
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!