- ***2017-12-18 EMOTET***
- BODY URL:
- DOWNLOADED FILE (Outstanding Invoices.doc):
- 5f6a2aa70a80a09d358c35f0fc1b0b95
- fdd6288747eb976a863966935b7800b1ed839ded3fe15dfa039a2c6f68b940b5
- PAYLOAD DISTRIBUTION:
- hxxp://coffeybarn[.]com/Qq3sDS0/
- hxxp://easyfood[.]us/G4VaoW/
- hxxps://icbb.unud.ac[.]id/0XSX0/
- hxxp://festival-druzba.com[.]ua/r4Iwz/
- hxxp://plan.goteborg2021.webadmin8[.]net/wp-content/themes/goteborg/fhYm/
- PAYLOAD DOWNLOADED:
- 974c2c7e29c65f9f086183e1ca3a7f11
- b097ea770dc8e706f08929ed949ba7d1b730596d34d0447f9847cbbe6df43d1d
- C2:
- hxxp://5.230.193[.]41:8080
- hxxp://46.4.192[.]185:8080/
- hxxp://107.170.177[.]153:8080/
- REFS:
- Doc - https://www.virustotal.com/#/file/fdd6288747eb976a863966935b7800b1ed839ded3fe15dfa039a2c6f68b940b5/community
- Doc - https://www.hybrid-analysis.com/sample/fdd6288747eb976a863966935b7800b1ed839ded3fe15dfa039a2c6f68b940b5?environmentId=100
- Payload - https://www.virustotal.com/en/file/b097ea770dc8e706f08929ed949ba7d1b730596d34d0447f9847cbbe6df43d1d/analysis/
- Payload - https://www.hybrid-analysis.com/sample/b097ea770dc8e706f08929ed949ba7d1b730596d34d0447f9847cbbe6df43d1d?environmentId=100