
25/11/2019
11:02

2019W47 Weekly Report => 23-29/11 2K19 MalSpam campaigns targeting Italy


Malware delivered in the malspam campaigns: Ursnif, Emotet, HawkEye, PWStealer, LokiBot, Maze

Weekly report on the Italian malspam campaigns, compiled by TG Soft's C.R.A.M. (Anti-Malware Research Center).

Below are the details of the campaigns distributed on a large scale during the past week, from 25 November 2019 to 29 November 2019: Ursnif, Emotet, HawkEye, PWStealer, LokiBot, Maze

INDEX

 ==> 25 November 2019 => Emotet - Ursnif
 ==> 26 November 2019 => Emotet - LokiBot - Ursnif - PWStealer
 ==> 27 November 2019 => Maze - LokiBot - Emotet
 ==> 28 November 2019 => Emotet - HawkEye
 ==> 29 November 2019 => Emotet

==> See the campaigns of the month of November


25 November 2019

Emotet

File name: 2019D000089735.doc
MD5: a7ab770b73812070c0077201ce192425
Size: 216828 Bytes
VirIT: W97M.Downloader.BVP

File name: printsxcl.exe
MD5: bdec1fbbda7e45a34f9be54f599941c5
Size: 192609 Bytes
VirIT: Trojan.Win32.Emotet.BVP

IOC:
a7ab770b73812070c0077201ce192425
bdec1fbbda7e45a34f9be54f599941c5

p://www.usd78[.]com/vhosts/xxf/
p://aahch[.]org/wordpress/9ioh/
p://old.bigbom[.]com/wp-snapshots/installer/CkYwk/YJbr/
s://valeriademonte[.]com/ii/x33lm/
s://jdiwindows[.]com/02nrr/O/

 




Ursnif

File name: 0246359-592968.xls
MD5: b41d61650d258adc4743767f4fbf1761
Size: 61440 Bytes
VirIT: X97M.Downloader.BVP

IOC:
b41d61650d258adc4743767f4fbf1761

173.232.146[.]171






26 November 2019

Emotet

File name: messaggio 26 112019 BLZ_4938.doc
MD5: a16b0734a67edfe42cfdbbb5cca035e5
Size: 229951 Bytes
VirIT: W97M.Downloader.BVS

File name: printsxcl.exe
MD5: 2748e68dde5513a350a951cda5806d83
Size: 655677 Bytes
VirIT: Trojan.Win32.Emotet.BVU

IOC:
a16b0734a67edfe42cfdbbb5cca035e5
2748e68dde5513a350a951cda5806d83

s://youcaodian[.]com/wp-admin/o515786/
s://goddoskyfc[.]com/wp-admin/wq3xfsd37/
s://navinfamilywines[.]com/alloldfiles.zip/ds6/
s://www.oshodrycleaning[.]com/aspnet_client/wlyj79/
s://onlykissme[.]com/dpp2/3er74208/
 
 


LokiBot

File name: TD98804844783.exe
MD5: 44a8d0c49f102fea9f34c7eb11c6e9cd
Size: 467995 Bytes
VirIT: Trojan.Win32.PSWStealer.BVS

IOC:
44a8d0c49f102fea9f34c7eb11c6e9cd

gelcursot[.]top
8.208.8[.]1


Ursnif

File name: info_11_26.doc
MD5: 3cfa5304598cd2a24ef719a14fc50c20
Size: 68092 Bytes
VirIT: W97M.Downloader.BVS

File name: afJql3.exe
MD5: 1f6f5eadf53d4a58f82c404c43186d34
Size: 1671168 Bytes
VirIT: Trojan.Win32.Ursnif.BVS

Version: 214107
Group: 3534
Key: 10291029JSJUYNHG

IOC:
3cfa5304598cd2a24ef719a14fc50c20
1f6f5eadf53d4a58f82c404c43186d34

83.166.241[.]33

 

PWStealer

File name: doc77777886.exe
MD5: 4e18be04222fc9e2de843aae836177ee
Size: 344525 Bytes
VirIT: Trojan.Win32.PSWStealer.BVH

IOC:
4e18be04222fc9e2de843aae836177ee
 



 

27 November 2019

Maze

File name: VERDI.doc
MD5: 37facdc5167a2de80a4d328920579e31
Size: 129773 Bytes
VirIT: W97M.Downloader.BVU

File name: jbz.exe
MD5: e3648731a36105980f5fae6b4afe614b
Size: 1172784 Bytes
VirIT: Trojan.Win32.Genus.BVU

IOC:
37facdc5167a2de80a4d328920579e31
e3648731a36105980f5fae6b4afe614b

  

LokiBot

File name: Label3572795914.pdf__PDF__647464.exe
MD5: fb56e9a78732387e4ff290664c2a17a6
Size: 300544 Bytes
VirIT: Trojan.Win32.Genus.BVU

IOC:
fb56e9a78732387e4ff290664c2a17a6

p://onllygoodam[.]com
161.117.188[.]233



Emotet

File name: Documento.doc
MD5: 9177e79b5404b729c4a85037a40a730d
Size: 246132 Bytes
VirIT: W97M.Downloader.BVU

File name: CHUNKERSENSOR.EXE
MD5: 3a92634dc1a9b93f5cef4660f2d149ce
Size: 305152 Bytes
VirIT: Trojan.Win32.Emotet.ZJ

IOC:
9177e79b5404b729c4a85037a40a730d
3a92634dc1a9b93f5cef4660f2d149ce

p://bomberosvilladelrosario[.]org/MyAdmin/8t/
s://picslife7[.]com/elmkv/8r/
s://www.kiddostoysclub[.]com/wp-admin/c5/
s://www.sennesgroup[.]com/wp-content/d4v/
s://www.ncafp[.]com/83738/czid/
 


 


28 November 2019

Emotet

File name: MESSAGIO 28 112019 54800097.doc
MD5: 3e6f99fc4e4e1e6421625cee13c99abc
Size: 233849 Bytes
VirIT: W97M.Downloader.BVW

File name: printsxcl.exe
MD5: 14f287b851c3009024e043ce86e4ab0e
Size: 405504 Bytes
VirIT: Trojan.Win32.Emotet.BVX

IOC:
3e6f99fc4e4e1e6421625cee13c99abc
14f287b851c3009024e043ce86e4ab0e

p://ketshops[.]com/wp-admin/1ctyi32961/
p://purviitech[.]com/wp-admin/2bswt80/
s://insidermetric[.]com/wp-content/plugins/b8nt953/
p://shampoocaviar[.]com/wp-admin/css/colors/hw2113/
s://pharmachemsales[.]com/wp-content/p677br1858/
 



HawkEye

File name: Fattura_108440022_1001855_281119.exe
MD5: 4321314f1045ee6f3010d690c337e7dd
Size: 2052608 Bytes
VirIT: Trojan.Win32.Genus.BVW

IOC:
4321314f1045ee6f3010d690c337e7dd

p://pomf[.]cat/upload.php&
s://a.pomf[.]cat


 


 
 

HawkEye

File name: Coordinate_bancarie.exe
MD5: 5604922c5633899461fb58ef1fd8b0ec
Size: 2052608 Bytes
VirIT: Trojan.Win32.PSWStealer.BVW

IOC:
5604922c5633899461fb58ef1fd8b0ec

p://pomf[.]cat/upload.php&
s://a.pomf[.]cat


29 November 2019

Emotet

File name: Fattura N 02547 ZVOM 29-11-2019.doc
MD5: 565718b50c3e1f35155b689a0669ad24
Size: 199745 Bytes
VirIT: W97M.Downloader.BVY

File name: printsxcl.exe
MD5: 8760c4dc1744e93eb02e5a98b31b3edd
Size: 688274 Bytes
VirIT: Trojan.Win32.Emotet.BWA

File name: 5mkDmZSGokD23.exe
MD5: 4f4759fa8de8df5f317584f30bc3e0b5
Size: 414208 Bytes
VirIT: Trojan.Win32.TrickBot.BWA

IOC:
565718b50c3e1f35155b689a0669ad24
8760c4dc1744e93eb02e5a98b31b3edd
4f4759fa8de8df5f317584f30bc3e0b5

s://poshouse[.]vn/z8o/86e4w7s-ld9c5hu-049/
s://sptconstruction[.]co[.]za/cgi-bin/q4nm-91adpwqdm-95/
s://titrshop[.]ir/wp-includes/XcWEIG/
p://www.juzhaituan[.]com/wp-includes/ZIQzpsvC/
s://www.andrea-alvarado[.]com/test/eAivCQCg/
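The indicator lists above are written in the report's defanged style: bare MD5 hashes, domains and IPs with `[.]` in place of the dot, and download URLs whose scheme appears as `p://` or `s://`. The following Python script is an added example (not part of the CRAM report or of TG Soft's tooling) that turns indicators in that style into a lookup set and checks proxy-log lines and file hashes against it. It assumes that `p://` and `s://` stand for `http://` and `https://` (an assumption, since only the defanged form appears on the page); the indicators embedded in it are copied from the 26-28 November entries above, while the log lines and the `<timestamp> <client-ip> <method> <url>` log format are constructed for the example.

```python
"""IOC triage helper for the weekly CRAM malspam report format (added example).

Parses indicators in the report's style (32-hex MD5, `[.]`-defanged hosts,
URLs with `p://` / `s://` schemes, assumed to mean http / https), refangs
them into a lookup set, and matches constructed proxy-log lines and file
hashes against that set.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Indicators copied verbatim from the 26-28 November 2019 entries of the report.
REPORT_IOCS = """
3e6f99fc4e4e1e6421625cee13c99abc
14f287b851c3009024e043ce86e4ab0e
p://ketshops[.]com/wp-admin/1ctyi32961/
s://insidermetric[.]com/wp-content/plugins/b8nt953/
p://pomf[.]cat/upload.php&
s://a.pomf[.]cat
gelcursot[.]top
8.208.8[.]1
161.117.188[.]233
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")
IPV4_RE = re.compile(r"^(?:\d{1,3}\.){3}\d{1,3}$")
# Accepts the report's shortened schemes as well as hxxp/hxxps and plain http/https.
SCHEME_RE = re.compile(r"^(?:hxxp|hxxps|p|s|http|https)://", re.IGNORECASE)
SCHEME_MAP = {"p": "http", "s": "https", "hxxp": "http", "hxxps": "https"}


@dataclass
class IocSet:
    md5: set = field(default_factory=set)
    hosts: set = field(default_factory=set)  # domains and IPv4 addresses
    urls: set = field(default_factory=set)   # refanged full URLs


def refang(value: str) -> str:
    """Undo the defanging: `[.]` -> `.`, and `p://` / `s://` -> http:// / https://."""
    value = value.strip().replace("[.]", ".")
    m = SCHEME_RE.match(value)
    if m:
        scheme = m.group(0)[:-3].lower()
        value = SCHEME_MAP.get(scheme, scheme) + "://" + value[m.end():]
    return value


def parse_iocs(text: str) -> IocSet:
    """Classify each non-empty line as MD5, URL (host also recorded) or bare host."""
    iocs = IocSet()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if MD5_RE.match(line.lower()):
            iocs.md5.add(line.lower())
            continue
        value = refang(line)
        if "://" in value:
            iocs.urls.add(value)  # path kept exactly as reported, trailing '&' included
            host = urlsplit(value).hostname
            if host:
                iocs.hosts.add(host.lower())
        else:
            iocs.hosts.add(value.lower())
    return iocs


def host_matches(host: str, iocs: IocSet) -> bool:
    """Exact match for IPs; for names, the host or any parent domain of it
    (so cdn.gelcursot.top hits the gelcursot[.]top indicator)."""
    host = host.lower()
    if IPV4_RE.match(host):
        return host in iocs.hosts
    labels = host.split(".")
    return any(".".join(labels[i:]) in iocs.hosts for i in range(len(labels) - 1))


def match_log_line(line: str, iocs: IocSet) -> list[str]:
    """Reasons a constructed '<ts> <client-ip> <method> <url>' line hits the IOC set."""
    parts = line.split()
    if len(parts) < 4:
        return []
    url = parts[3]
    hits = []
    host = urlsplit(url).hostname or ""
    if host_matches(host, iocs):
        hits.append(f"host:{host}")
    if url in iocs.urls:
        hits.append("url:exact")
    return hits


def match_md5(digest: str, iocs: IocSet) -> bool:
    return digest.strip().lower() in iocs.md5


SAMPLE_LOG = [  # constructed lines, not real traffic
    "2019-11-28T09:14:02Z 10.1.2.34 GET http://ketshops.com/wp-admin/1ctyi32961/",
    "2019-11-28T09:14:10Z 10.1.2.34 POST https://a.pomf.cat/upload.php",
    "2019-11-28T09:15:00Z 10.1.2.35 GET https://www.example.com/index.html",
    "2019-11-27T16:02:11Z 10.1.2.36 GET http://cdn.gelcursot.top/x",
]

if __name__ == "__main__":
    iocs = parse_iocs(REPORT_IOCS)
    for entry in SAMPLE_LOG:
        hits = match_log_line(entry, iocs)
        print("HIT" if hits else "ok ", entry.split()[3], hits)
    print("hash hit:", match_md5("3E6F99FC4E4E1E6421625CEE13C99ABC", iocs))
```

Matching on the host (and its parent domains) rather than only on the exact URL is deliberate: the Emotet download paths above change per campaign, while a compromised site or the HawkEye exfiltration host (pomf[.]cat) stays the same across the two entries, so a host-level hit is the more durable detection. Hashes are compared case-insensitively because EDR and mail-gateway exports disagree on hex case.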



 

See the campaigns of the month of November

We invite you to consult the reports for the month of November to stay up to date on the malspam campaigns circulating in Italy:

16/11/2019 = Weekly report on the Italian Malspam campaigns from 16 November to 22 November 2019
09/11/2019 = Weekly report on the Italian Malspam campaigns from 09 November to 15 November 2019
02/11/2019 = Weekly report on the Italian MalSpam campaigns from 02 November to 08 November 2019

C.R.A.M.
Anti-Malware Research Center of TG Soft
Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”
