ExecuteMalware

2021-05-17 Unknown Malware IOCs

May 17th, 2021
THREAT IDENTIFICATION: UNKNOWN MALWARE

NOTES
Running the executable also drops a .dll and 3 additional (non-executable) files to disk.
Amazingly, the file hash for the .dll appears to have been on VirusTotal since 2009!
There was traffic out to an IP address, but all I saw were TCP resets.

SUBJECTS OBSERVED
Re: Invoice

SENDERS OBSERVED
liz@baptistelectric.com

MALDOC FILE HASH
Invoice.iso
b7d01db02b4cc2a8eb206ba19f929d9d

UNKNOWN MALWARE FILE HASH
INV.exe
f8273c95045f27e5d6e134b3a549a804

Copied and renamed to:
weprasfwjvatm.exe
f8273c95045f27e5d6e134b3a549a804

EXTERNAL TRAFFIC
All I saw were TCP reset packets to/from 104.152.188.104

ADDITIONAL FILE HASHES
AppData\Local\Temp contains:

tambd6oqxct5led0
d3dde1244f9803c4e203358fdb6650e9

ynqcndeig
acbd3e7c6c99c4b193f2a1e604bc9976

3bxww6ac1hfs
96cbec9afc4628836a80fa456b63e5ef

Also, in a separate directory under AppData\Local\Temp\:
System.dll
c17103ae9072a06da581dec998343fc1

SUPPORTING EVIDENCE
https://www.virustotal.com/gui/file/dc58d8ad81cacb0c1ed72e33bff8f23ea40b5252b5bb55d393a0903e6819ae2f/detection