API tools faq
paste
malware_traffic

2019-06-20 - malspam pushing Nanocore RAT

malware_traffic
Jun 20th, 2019
1,194
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 4.25 KB
raw download clone embed print report
  1. 2019-06-20 - MALSPAM PUSHING NANOCORE RAT
  2.  
  3. - Attachement: Reciept.img (SHA256 hash: 9378d39b2abd8ee5acbf2d860bd0559134d9ce514c281c41f509638bd9d77a14)
  4. - Extracted file: Reciept.scr (SHA256 hash: dddf971a52e4fc7635c72292a06fc7ed8e41bec5157b0032acb7a20347f37921)
  5. -- Any.run analysis of extracted file: https://app.any.run/tasks/e1807028-57ec-4519-995a-af73daf6d8e4
  6.  
  7. EMAIL:
  8.  
  9. X-Originating-Ip: [65.52.234.16]
  10. Authentication-Results: [removed].rsapps.net; iprev=pass policy.iprev="65.52.234.16"; spf=softfail smtp.mailfrom="contact@azure.com" smtp.helo="mysmtp1.northcentralus.cloudapp.azure.com"; dkim=none (message not signed) header.d=none; dmarc=fail (p=none; dis=none) header.from=azure.com
  11. Received: from [65.52.234.16] ([65.52.234.16:36610] helo=mysmtp1.northcentralus.cloudapp.azure.com) by [removed]
  12. (envelope-from <contact@azure.com>) [removed]; Thu, 20 Jun 2019 07:19:58 -0400
  13. Received: from MYRDP.shy1v4l2bkuuxjgwhhbgqcdz4c.jx.internal.cloudapp.net (unknown [104.214.58.211])
  14. by mysmtp1.northcentralus.cloudapp.azure.com (Postfix) with ESMTPA id CB2BA2210EE3;
  15. Thu, 20 Jun 2019 11:19:51 +0000 (UTC)
  16. Message-ID: <EE.05.17125.EDB6B0D5@smtp32.gate.ord1d.rsapps.net>
  17. Content-Type: multipart/mixed; boundary="===============0376729141=="
  18. MIME-Version: 1.0
  19. Subject: =?utf-8?b?UGF5bWVudMKgQW1vdW50IDogwqBVU0QgJDEwLDcyNy4xMQ==?=
  20. To: Recipients <contact@azure.com>
  21. From: "Azure Enterprise (S) Pte Ltd" <contact@azure.com>
  22. Date: Thu, 20 Jun 2019 11:19:51 +0000
  23.  
  24. You will not see this in a MIME-aware mail reader.
  25. --===============0376729141==
  26. Content-Type: multipart/alternative; boundary="===============0675389668=="
  27. MIME-Version: 1.0
  28.  
  29. --===============0675389668==
  30. Content-Type: text/plain; charset="iso-8859-1"
  31. MIME-Version: 1.0
  32. Content-Transfer-Encoding: quoted-printable
  33. Content-Description: Mail message body
  34.  
  35. Dear contact,
  36. Payment will be completed when you confirm the attached application form =
  37.  
  38. Once verified, it will be credited to your account =
  39.  
  40. Payment Details attached....
  41. Date : June, 17, 2019
  42. Receipt Number : 0C739415OU953045R
  43. Payment Amount : USD $5,727.11
  44. Payment Status : Pendng
  45. =
  46.  
  47. complete the Payment application form in attachment
  48. =
  49.  
  50. For assistance contact =
  51.  
  52. Best Regards,
  53.  
  54. --===============0675389668==
  55. Content-Type: text/html; charset="iso-8859-1"
  56. MIME-Version: 1.0
  57. Content-Transfer-Encoding: quoted-printable
  58. Content-Description: Mail message body
  59.  
  60. <HTML><head><meta http-equiv=3D"Content-Type" content=3D"text/html; charset=
  61. =3Diso-8859-1"/></head><BODY><P><STRONG><SPAN style=3D"COLOR: #3366ff"><SPA=
  62. N style=3D"FONT-FAMILY: 'times new roman', times, serif">Dear&nbsp;</SPAN>c=
  63. ontact,</SPAN></STRONG></P>
  64. <P><SPAN style=3D"FONT-FAMILY: 'times new roman', times, serif; COLOR: #336=
  65. 6ff">Payment will be completed when you confirm the attached application fo=
  66. rm&nbsp;</SPAN></P>
  67. <P><SPAN style=3D"COLOR: #3366ff">Once verified, it will be credited to you=
  68. r account&nbsp;</SPAN></P>
  69. <P><SPAN style=3D"COLOR: #3366ff">Payment Details attached....</SPAN></P>
  70. <P><SPAN style=3D"COLOR: #3366ff">Date :&nbsp; June, 17, 2019</SPAN></P>
  71. <P><SPAN style=3D"COLOR: #3366ff">Receipt Number :&nbsp; 0C739415OU953045R<=
  72. /SPAN></P>
  73. <P><SPAN style=3D"COLOR: #3366ff">Payment Amount :&nbsp; USD $5,727.11</SPA=
  74. N></P>
  75. <P><SPAN style=3D"COLOR: #3366ff">Payment Status :&nbsp; Pendng</SPAN></P>
  76. <P>&nbsp;</P>
  77. <P><SPAN style=3D"FONT-FAMILY: 'times new roman', times, serif; COLOR: #336=
  78. 6ff">complete the Payment application form in attachment</SPAN></P>
  79. <P>&nbsp;</P>
  80. <P><SPAN style=3D"COLOR: #3366ff">For assistance contact&nbsp;</SPAN></P>
  81. <P style=3D"FONT-SIZE: 13px; FONT-FAMILY: Verdana, Geneva, sans-serif; WHIT=
  82. E-SPACE: normal; WORD-SPACING: 0px; TEXT-TRANSFORM: none; FONT-WEIGHT: 400;=
  83. COLOR: #222222; MARGIN: 0px; LETTER-SPACING: normal; BACKGROUND-COLOR: #ff=
  84. ffff; TEXT-INDENT: 0px; font-variant-ligatures: normal"><SPAN style=3D"FONT=
  85. -SIZE: 11pt; FONT-FAMILY: Calibri, sans-serif; COLOR: #3366ff">Best Regards=
  86. ,</SPAN></P></BODY></HTML>
  87. --===============0675389668==--
  88. --===============0376729141==
  89. Content-Type: application/octet-stream
  90. MIME-Version: 1.0
  91. Content-Transfer-Encoding: base64
  92. Content-Disposition: attachment; filename="Reciept.img"
  93.  
  94. [information removed]
  95.  
  96. --===============0376729141==--
RAW Paste Data
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!