- 2017-10-10: #locky email phishing campaign "Voicemail From 845-551-NNNN"
- Email sample:
- -----------------------------------------------------------------------------------------------------------------------
- Date: Tue, 10 Oct 2017 21:38:26 +0530
- From: Microsoft Voice <MSVoice@dhl.com>
- Subject: Voicemail From 845-551-2955
- Voice Message received at Tue, 10 Oct 2017 21:38:26 +0530
- Voicemail Length 39 sec
- Attached: VMSG9814443_20171010.7z -> VMSG398056009_20171010.vbs
- -----------------------------------------------------------------------------------------------------------------------
- - sender name is "Microsoft Voice" and the email address is forged to look like it comes from the recipient's domain (MSVoice@domain)
- - subject is "Voicemail From 845-551-<4 digits>"
- - email does not have To: header
- - attached file "VMSG<5-10 digits>_20171010.7z" contains file "VMSG<9-11 digits>_20171010.vbs", a VBScript downloader
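
Added example (not part of the original paste): a mail-filter check that scores a raw message against the four traits listed above. The function names, the threshold of 3, the generalized 8-digit date stamp and the example.com sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Patterns from the trait list above. Matching any 8-digit date stamp
# instead of only 20171010 is an assumption made for this example.
SUBJECT_RE = re.compile(r"Voicemail From 845-551-\d{4}")
ATTACH_RE = re.compile(r"VMSG\d{5,10}_\d{8}\.7z", re.IGNORECASE)

def campaign_traits(raw):
    """Return the campaign traits present in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    traits = set()
    name, addr = parseaddr(msg.get("From", ""))
    if name == "Microsoft Voice" and addr.lower().startswith("msvoice@"):
        traits.add("sender")
    if SUBJECT_RE.fullmatch(msg.get("Subject", "").strip()):
        traits.add("subject")
    if msg.get("To") is None:          # header absent, not merely empty
        traits.add("no_to_header")
    for part in msg.walk():            # inspect every MIME part
        if ATTACH_RE.fullmatch(part.get_filename() or ""):
            traits.add("attachment")
    return traits

def is_suspect(raw, threshold=3):
    """Flag on several traits together; the threshold is hypothetical."""
    return len(campaign_traits(raw)) >= threshold

# Constructed sample: example.com, placeholder digits, no archive data.
SAMPLE = "\n".join([
    "Date: Tue, 10 Oct 2017 21:38:26 +0530",
    "From: Microsoft Voice <MSVoice@example.com>",
    "Subject: Voicemail From 845-551-0000",
    "MIME-Version: 1.0",
    'Content-Type: multipart/mixed; boundary="b1"',
    "",
    "--b1",
    "Content-Type: text/plain",
    "",
    "Voicemail Length 39 sec",
    "--b1",
    "Content-Type: application/x-7z-compressed",
    'Content-Disposition: attachment; filename="VMSG0000000_20171010.7z"',
    "",
    "(constructed placeholder)",
    "--b1--",
    "",
])

if __name__ == "__main__":
    print(sorted(campaign_traits(SAMPLE)), is_suspect(SAMPLE))
```

Scoring several traits together keeps a legitimate voicemail notification that happens to share one trait from being flagged on its own.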
- Download sites:
- Malware
- - locky ransomware, offline .asasin variant
- - SHA256 a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7, MD5: 37c106c0d8e97fbe9ec10a037858ea23
- - VT: https://www.virustotal.com/en/file/a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7/analysis/1507651868/
- - HA: https://www.reverse.it/sample/a165963bb5575321c03f974e266808d34b695fa21d0f2dd96a66cd3c887bd5e7?environmentId=100