
2019-06-20 - malspam pushing Nanocore RAT

malware_traffic, Jun 20th, 2019
- Attachment: Reciept.img (SHA256 hash: 9378d39b2abd8ee5acbf2d860bd0559134d9ce514c281c41f509638bd9d77a14)
- Extracted file: Reciept.scr (SHA256 hash: dddf971a52e4fc7635c72292a06fc7ed8e41bec5157b0032acb7a20347f37921)
  -- Any.run analysis of extracted file: https://app.any.run/tasks/e1807028-57ec-4519-995a-af73daf6d8e4

EMAIL:

X-Originating-Ip: [65.52.234.16]
Authentication-Results: [removed].rsapps.net; iprev=pass policy.iprev="65.52.234.16"; spf=softfail smtp.mailfrom="contact@azure.com" smtp.helo="mysmtp1.northcentralus.cloudapp.azure.com"; dkim=none (message not signed) header.d=none; dmarc=fail (p=none; dis=none) header.from=azure.com
Received: from [65.52.234.16] ([65.52.234.16:36610] helo=mysmtp1.northcentralus.cloudapp.azure.com) by [removed]
    (envelope-from <contact@azure.com>) [removed]; Thu, 20 Jun 2019 07:19:58 -0400
Received: from MYRDP.shy1v4l2bkuuxjgwhhbgqcdz4c.jx.internal.cloudapp.net (unknown [104.214.58.211])
    by mysmtp1.northcentralus.cloudapp.azure.com (Postfix) with ESMTPA id CB2BA2210EE3;
    Thu, 20 Jun 2019 11:19:51 +0000 (UTC)
Message-ID: <EE.05.17125.EDB6B0D5@smtp32.gate.ord1d.rsapps.net>
Content-Type: multipart/mixed; boundary="===============0376729141=="
MIME-Version: 1.0
Subject: =?utf-8?b?UGF5bWVudMKgQW1vdW50IDogwqBVU0QgJDEwLDcyNy4xMQ==?=
To: Recipients <contact@azure.com>
From: "Azure Enterprise (S) Pte Ltd" <contact@azure.com>
Date: Thu, 20 Jun 2019 11:19:51 +0000

You will not see this in a MIME-aware mail reader.
--===============0376729141==
Content-Type: multipart/alternative; boundary="===============0675389668=="
MIME-Version: 1.0

--===============0675389668==
Content-Type: text/plain; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body

Dear contact,
 Payment will be completed when you confirm the attached application form =

 Once verified, it will be credited to your account =

 Payment Details attached....
 Date :  June, 17, 2019
 Receipt Number :  0C739415OU953045R
 Payment Amount :  USD $5,727.11
 Payment Status :  Pendng
  =

 complete the Payment application form in attachment
  =

 For assistance contact =

 Best Regards,

--===============0675389668==
Content-Type: text/html; charset="iso-8859-1"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Description: Mail message body

<HTML><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
=3Diso-8859-1"/></head><BODY><P><STRONG><SPAN style=3D"COLOR: #3366ff"><SPA=
N style=3D"FONT-FAMILY: 'times new roman', times, serif">Dear&nbsp;</SPAN>c=
ontact,</SPAN></STRONG></P>
<P><SPAN style=3D"FONT-FAMILY: 'times new roman', times, serif; COLOR: #336=
6ff">Payment will be completed when you confirm the attached application fo=
rm&nbsp;</SPAN></P>
<P><SPAN style=3D"COLOR: #3366ff">Once verified, it will be credited to you=
r account&nbsp;</SPAN></P>
<P><SPAN style=3D"COLOR: #3366ff">Payment Details attached....</SPAN></P>
<P><SPAN style=3D"COLOR: #3366ff">Date :&nbsp; June, 17, 2019</SPAN></P>
<P><SPAN style=3D"COLOR: #3366ff">Receipt Number :&nbsp; 0C739415OU953045R<=
/SPAN></P>
<P><SPAN style=3D"COLOR: #3366ff">Payment Amount :&nbsp; USD $5,727.11</SPA=
N></P>
<P><SPAN style=3D"COLOR: #3366ff">Payment Status :&nbsp; Pendng</SPAN></P>
<P>&nbsp;</P>
<P><SPAN style=3D"FONT-FAMILY: 'times new roman', times, serif; COLOR: #336=
6ff">complete the Payment application form in attachment</SPAN></P>
<P>&nbsp;</P>
<P><SPAN style=3D"COLOR: #3366ff">For assistance contact&nbsp;</SPAN></P>
<P style=3D"FONT-SIZE: 13px; FONT-FAMILY: Verdana, Geneva, sans-serif; WHIT=
E-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400;=
 COLOR: #222222; MARGIN: 0px; LETTER-SPACING: normal; BACKGROUND-COLOR: #ff=
ffff; TEXT-INDENT: 0px; font-variant-ligatures: normal"><SPAN style=3D"FONT=
-SIZE: 11pt; FONT-FAMILY: Calibri, sans-serif; COLOR: #3366ff">Best Regards=
,</SPAN></P></BODY></HTML>
--===============0675389668==--
--===============0376729141==
Content-Type: application/octet-stream
MIME-Version: 1.0
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Reciept.img"

[information removed]

--===============0376729141==--