SHARE
TWEET

2017-06-07 TheTrick "xx_Invoice_xxxx"

Racco42 Jun 7th, 2017 (edited) 754 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. 2017-06-07 #thetrick email phishing campaign "nn_Invoice_nnnn"
  2.  
  3. Email sample:
  4. ---------------------------------------------------------------------------------------------
  5. From: VICENTE GREAVE <vicentegreave@gentbrown.worldonline.co.uk>
  6. To: [REDACTED]
  7. Subject: 41_Invoice_5633
  8. Date: Wed, 7 Jun 2017 14:20:51 +0530
  9.  
  10. 001_8966
  11.  
  12. Attachment: 001_8966.pdf
  13. ---------------------------------------------------------------------------------------------
  14.  
  15. Download Sites:
  16. http://1time.nl/7gyb3ds
  17. http://adproautomation.in/7gyb3ds
  18. http://aolongkeji.cn/7gyb3ds
  19. http://beursgays.com/7gyb3ds
  20. http://camberwellroofing.com.au/7gyb3ds
  21. http://caperlea.com/7gyb3ds
  22. http://castvinyl.ru/7gyb3ds
  23. http://choralia.net/7gyb3ds
  24. http://chqm168.com/7gyb3ds
  25. http://codeclinics.com/7gyb3ds
  26. http://essentialnulidtro.com/af/7gyb3ds
  27. http://luxcasa.pt/7gyb3ds
  28. http://manish-choudhary.com/7gyb3ds
  29. http://martos.pt/7gyb3ds
  30. http://micolon.de/7gyb3ds
  31. http://muldefischer.de/7gyb3ds
  32. http://musee-champollion.fr/7gyb3ds
  33. http://mybutterhalf.com/7gyb3ds
  34. http://mytraveltrip.in/7gyb3ds
  35. http://saheser.net/7gyb3ds
  36. http://sanftes-reiten.de/7gyb3ds
  37. http://shopf3.com/7gyb3ds
  38. http://shreekamothe.com/7gyb3ds
  39. http://spocom.de/7gyb3ds
  40. http://sumbermakmur.com/7gyb3ds
  41. http://surgideals.com/7gyb3ds
  42. http://suskunst.dk/7gyb3ds
  43. http://sutek-industry.com/7gyb3ds
  44. http://svagin.dk/7gyb3ds
  45. http://xinding.com/7gyb3ds
  46.  
  47. Malware:
  48. - encoded on download SHA256 20b58891216e3393f2da7c470d5e6aaeeeafc7b97e20e16cd13d8d3d1f21800c, MD5 a4644ad54e4ff86a4a3479927857ac29
  49. - decode by XORing download with "HCbCpPsTQuiY5Acu4CqRGXWZnlCzdU2D"
  50. - decoded SHA256 79d96a62622e4efb01fda23cf81b759e0059ad3cd3083acff7fb4174b0b3d40c, MD5 9c6cecc960bfd950b64699b2fee1a723
  51. - VT: https://www.virustotal.com/en/file/79d96a62622e4efb01fda23cf81b759e0059ad3cd3083acff7fb4174b0b3d40c/analysis/1496825894/
  52. - HA: https://www.virustotal.com/en/file/79d96a62622e4efb01fda23cf81b759e0059ad3cd3083acff7fb4174b0b3d40c/analysis/1496825894/
  53. - config: https://pastebin.com/arUi7B1H
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top