Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #IOC #OptiData #VR #Lumma #Stealer #AutoIt #7z #RAR #PWD #EXE
- https://pastebin.com/uRwsPe70
- previous_contact:
- 31/01/24 https://pastebin.com/0sqGs6aV
- 30/01/24 https://pastebin.com/pgjwR07Z
- 27/01/24 https://pastebin.com/4B3hwvpx
- 25/01/24 https://pastebin.com/pwL5HdeX
- FAQ:
- https://malpedia.caad.fkie.fraunhofer.de/details/win.lumma
- attack_vector
- --------------
- email attach .7z > .rar (PWD) > .exe > .pif (AutoIt) > Z (Java Script) > C2
- # # # # # # # #
- email_headers
- # # # # # # # #
- Date: Mon, 12 Feb 2024 12:13:15 +0300
- Subject: вихідний № 350985 - 12.02.2024
- From: Андрусів Влада Мстиславівна <info@ athenssquare_gr>
- Reply-To: Чекалюк Доморад Жданович <dsp@ dp_dsp_gov_ua>
- Received: from smtp02_prd_hc_generation - y_net ([95_216_185_242])
- Received: from kappa_generation - y_net (kappa_generation - y_net [88_99_102_100])
- Received: from [5_42_92_31] (port=50066 helo=DESKTOP - TCRDU4C)
- Date: Mon, 12 Feb 2024 13:04:06 +0300
- Subject: вихідний № 24062 - 12.02.2024
- From: Шульга Надіслава Никодимівна <natsu@ mosimon_com>
- Reply-To: Іщенко Єпистима Вікторівна <dsp@ dp_dsp_gov_ua>
- Received: from mosimon_com (mosimon_com [124_146_222_175])
- Received: from unknown (HELO DESKTOP - TCRDU4C) (natsu@ mosimon_com @ 5_42_92_31) by dc11_etius_jp (124_146_222_175) with ESMTPA
- # # # # # # # #
- files
- # # # # # # # #
- SHA-256 91d1973486af73f2c30d0cf608005a75b53abd017f4fbf19a9c53a5b23a9429b
- File name Запит інформації щодо платежів..7z
- File size
- SHA-256 3743dec7693f67e4b87f6b926a8196ae04973ce18e052e6a0eb1aaaf30d776f3
- File name Додатки 1. Запит інформації щодо платежів..rar !PWD
- File size
- SHA-256 b756f04d1cd713bb11d5ae1032f8e8580d7cb11ad9e58f0219c9a9fb02c20d42
- File name Додатки 1. Запит інформації щодо платежів.pdf.exe
- File size
- SHA-256 f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3
- File name Immigrants.pif !AutoIt
- File size
- SHA-256 a388bbf5baf8b3fb09340031dac1c88edc8929a630586af3dcbb37cfe580e26a
- File name Z !Lumma
- File size
- # # # # # # # #
- activity
- # # # # # # # #
- PL_SCR email_attach
- C2
- bleednumberrottern _home,
- brakesummitfiightre _pics,
- legislationdictater _mom,
- developmentalveiop _home,
- baketransparentadw _pics,
- lawwormroleveinn _momu,
- hunterstrawmersp _home,
- mercyaloofprincipleo _pics,
- ironshottallinko _funu,
- bleednumberrottern _home,
- brakesummitfiightre _pics,
- legislationdictater _mom,
- developmentalveiop _home,
- baketransparentadw _pics,
- lawwormroleveinn _momu,
- hunterstrawmersp _home,
- mercyaloofprincipleo _pics,
- ironshottallinko _funu,
- bleednumberrottern _home,
- brakesummitfiightre _pics,
- legislationdictater _mom,
- developmentalveiop _home,
- baketransparentadw _pics,
- lawwormroleveinn _momu,
- hunterstrawmersp _home,
- mercyaloofprincipleo _pics,
- ironshottallinko _funu
- netwrk
- --------------
- comp
- --------------
- proc
- --------------
- Earn + Program + Asset + Reserve + Slowly 15968\Immigrants.pif
- Viking + Chaos + Participated 15968\Z
- persist
- --------------
- n/a
- drop
- --------------
- Immigrants.pif
- Z
- # # # # # # # #
- additional info
- # # # # # # # #
- n/a
- # # # # # # # #
- VT & Intezer
- # # # # # # # #
- https://www.virustotal.com/gui/file/91d1973486af73f2c30d0cf608005a75b53abd017f4fbf19a9c53a5b23a9429b/details
- https://www.virustotal.com/gui/file/3743dec7693f67e4b87f6b926a8196ae04973ce18e052e6a0eb1aaaf30d776f3/details
- https://www.virustotal.com/gui/file/b756f04d1cd713bb11d5ae1032f8e8580d7cb11ad9e58f0219c9a9fb02c20d42/details
- https://www.virustotal.com/gui/file/f58d3a4b2f3f7f10815c24586fae91964eeed830369e7e0701b43895b0cefbd3/details
- https://www.virustotal.com/gui/file/a388bbf5baf8b3fb09340031dac1c88edc8929a630586af3dcbb37cfe580e26a/details
- VR
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
