A forum for reverse engineering, OS internals and malware analysis 

Forum for analysis and discussion about malware.
 #32823  by Antelox
 Mon Apr 15, 2019 4:48 pm
Fedor22 wrote: Mon Apr 15, 2019 4:11 pm
ikolor wrote: Mon Apr 15, 2019 12:47 pm What is this !!

https://www.virustotal.com/en/file/dbc0 ... 555332252/
PDF, Word phishing.
The PDF and Word documents contain a Microsoft phishing link:
hxxp://odontotepuy.com.ve/bossgate/office365/cha/The_BACHA
Phishing kit attached.

BR,

Antelox
 #32945  by Fedor22
 Fri May 24, 2019 4:22 pm
ikolor wrote: Thu May 23, 2019 6:41 pm next

https://www.virustotal.com/en/file/b151 ... 558636756/
Emotet downloader.
Downloads exe from:
hxxp://golfingtrail.com/wp-content/sdqxmmt_cdpt6j-862703104/
Connects to C&C servers:
hxxp://76.86.20.103/jit/stubs/ringin/
hxxp://5.67.205.99/usbccid/schema/
hxxp://144.139.247.220/scripts/health/ringin/