Weekly report on Italian malspam campaigns, compiled by C.R.A.M. (TG Soft's Anti-Malware Research Centre).
Below are the details of the campaigns distributed on a massive scale during the past week, from 01 February 2020 to 07 February 2020: Emotet, Ursnif, LokiBot, FormBook, RAT, PWStealer
INDEX
==> 03 February 2020 => Emotet, LokiBot, PWStealer
==> 04 February 2020 => Ursnif, Emotet, LokiBot, FormBook, PWStealer
==> 05 February 2020 => LokiBot, PWStealer
==> 06 February 2020 => Emotet, PWStealer
==> 07 February 2020 => RAT, Emotet
==> See the January campaigns
PWStealer
Avviso di pagamento Copia_pdf.exe
MD5: a3ca912dd46787784d71f6d8ed961e09
Size: 73728 Bytes
VirIT: Trojan.Win32.PSWStealer.BZB
IOC:
a3ca912dd46787784d71f6d8ed961e09
PWStealer
DHL_FORM14PDF.exe
MD5: 45f4626e4f498ae850e60af0b41cc6f1
Size: 2106880 Bytes
VirIT: Trojan.Win32.PSWStealer.BZB
IOC:
45f4626e4f498ae850e60af0b41cc6f1
PWStealer
INV_00364_3A00189257_pdf.pdf.exe
MD5: 5b89f8020b6e2ede813e7120e15f7d7d
Size: 1660928 Bytes
VirIT: Trojan.Win32.PSWStealer.BZB
IOC:
5b89f8020b6e2ede813e7120e15f7d7d
LokiBot
PaymentAdviceAgisco_CS540.exe
MD5: 05ae862d95759d6b44dcc6798cb8f25f
Size: 45056 Bytes
VirIT: Trojan.Win32.PSWStealer.BZB
IOC:
05ae862d95759d6b44dcc6798cb8f25f
p://dealwithus[.]tk
p://alphastand[.]trade/alien/fre.php
p://kbfvzoboss[.]bid/alien/fre.php
Emotet
2020_U16575268.doc
MD5: 9571bcb08e29efd56d7b899f611c57bc
Size: 128662 Bytes
VirIT: W97M.Emotet.BZB
createachannel.exe
MD5: 73111d16fad5d0a8c1b39407a7974037
Size: 586057 Bytes
VirIT: Trojan.Win32.Emotet.BZB
IOC:
9571bcb08e29efd56d7b899f611c57bc
73111d16fad5d0a8c1b39407a7974037
s://hatbhutantour[.]com/wp-content/3Wu/
p://tandinbhutantravel[.]com/wp-content/F6D/
s://sakurabacninh[.]com/database/7INiA233/
p://www.buildwithinnovation[.]com/idx6a/Ut/
s://beholdbhutantravels[.]com/wp-content/wW1/
PWStealer
pagamento.exe
MD5: ec9528b932a09fd90ce88d1a2af29ab9
Size: 622080 Bytes
VirIT: Trojan.Win32.PSWStealer.BZD
kBQAdZByqNAYJPDxma5.exe
MD5: 4aada021e24051250345e956cf407b8f
Size: 67584 Bytes
VirIT: Trojan.Win32.Genus.BZD
IOC:
ec9528b932a09fd90ce88d1a2af29ab9
4aada021e24051250345e956cf407b8f
LokiBot
2020045367822095.exe.exe
MD5: dd8c0ad36a79abbcff33c80e8fcf4cbf
Size: 1283072 Bytes
VirIT: Trojan.Win32.PSWStealer.BZD
IOC:
dd8c0ad36a79abbcff33c80e8fcf4cbf
p://xlkz[.]xyz
p://alphastand[.]trade/alien/fre.php
p://kbfvzoboss[.]bid/alien/fre.php
PWStealer
Dettagli del contratto.pdf.exe
MD5: 3f0fd9c7f1bef9f3915423f43cc26d5c
Size: 1581568 Bytes
VirIT: Trojan.Win32.PSWStealer.BZD
IOC:
3f0fd9c7f1bef9f3915423f43cc26d5c
108.161.187[.]74
Ursnif
info_02_04
MD5: a4a218cc13d73835b0e8819bc901c883
Size: 73421 Bytes
VirIT: W97M.Ursnif.BZD
(URSNIF PAYLOAD)
MD5: 2679166b9ddf923359bba34a111e195f
Size: 262144 Bytes
VirIT: Trojan.Win32.Ursnif.BZD
Version: 214112
Group: 3581
Key: 10291029JSJUYNHG
IOC:
a4a218cc13d73835b0e8819bc901c883
2679166b9ddf923359bba34a111e195f
p://nvdvdgp[.]com
p://z4v1qth[.]com
p://gs11fd5[.]com
p://bghqyf1[.]com
p://ku3rgq4[.]com
Ursnif
297494_sollecito_SOL20A1640474.xls
MD5: 99c177598fa892cb999816ef94e1d041
Size: 70144 Bytes
VirIT: X97M.Ursnif.BZD
(URSNIF PAYLOAD)
MD5: 1cb3e945b1a5f3023006e12ad5f552c1
Size: 276992 Bytes
VirIT: Trojan.Win32.Ursnif.BZD
Version: 214112
Group: 2052
Key: 10291029JSJUXMPP
IOC:
99c177598fa892cb999816ef94e1d041
1cb3e945b1a5f3023006e12ad5f552c1
p://kuu15austin21[.]com
p://qryyueeriberto[.]com
p://v15zxnapoleonln[.]com
DHLMIL005215487402.02042020.exe
MD5: cf13ae5f4fb0d986ee1d186064737741
Size: 90112 Bytes
VirIT: Trojan.Win32.PSWStealer.BZE
IOC:
cf13ae5f4fb0d986ee1d186064737741
PWStealer
MIL000215477400.exe
MD5: 2394c68a9d8b35605eb1af6f9100b770
Size: 90112 Bytes
VirIT: Trojan.Win32.Genus.BZD
IOC:
2394c68a9d8b35605eb1af6f9100b770
FormBook
d'acquisto n. 89146..exe
MD5: 4a81d14cd2a5697218c99a1723d0cd5e
Size: 567808 Bytes
VirIT: Trojan.Win32.PSWStealer.BZD
IOC:
4a81d14cd2a5697218c99a1723d0cd5e
PWStealer
PDFpagamento.exe
MD5: 7f75507da3b1f9a18b2e8871c78eab3c
Size: 633344 Bytes
VirIT: Trojan.Win32.PSWStealer.BZE
rbkallfuDlPKyZWZma5.exe
MD5: 35f67de43b83149d188897b8e8315d88
Size: 112640 Bytes
VirIT: Trojan.Win32.Genus.BZE
IOC:
7f75507da3b1f9a18b2e8871c78eab3c
35f67de43b83149d188897b8e8315d88
Emotet
fattura-1892.doc
MD5: 19e7819c1d7932e335449db06085cacf
Size: 129852 Bytes
VirIT: W97M.Emotet.BZD
createachannel.exe
MD5: 22e500356384360a46f34c7089e2ca2e
Size: 352927 Bytes
VirIT: Trojan.Win32.Emotet.BZD
IOC:
19e7819c1d7932e335449db06085cacf
22e500356384360a46f34c7089e2ca2e
p://crimecitynews[.]com/wp-includes/DeHZs1/
p://clicksbyayush[.]com/wp-content/T721/
s://www.hgklighting[.]com/dacecb0fcd2bc6cbe09ed1527e527b37/pwdSS610g/
p://cheapwebvn[.]net/wp-content/cache/uZLPqwbGic/
p://sundevilstudentwork[.]com/wp-content/N4h2nKXI/
PWStealer
PDF.pagamento.exe
MD5: 963d32581ad13d6d169bcda724505b28
Size: 636928 Bytes
VirIT: Trojan.Win32.PSWStealer.BZE
eNMVKofvODtVuilama5.exe
MD5: a881c76e1f9d6d7ad55b33b00946e6ba
Size: 113152 Bytes
VirIT: Trojan.Win32.Genus.BZE
IOC:
963d32581ad13d6d169bcda724505b28
a881c76e1f9d6d7ad55b33b00946e6ba
PWStealer
INV_00364_3A001892572_pdfpdf.exe
MD5: b4e601ee8e9933084e255172e60d1374
Size: 1535488 Bytes
VirIT: Trojan.Win32.Genus.JW
IOC:
b4e601ee8e9933084e255172e60d1374
LokiBot
VLTG_PurchaseOrder_Vitas_9735450.exe
MD5: e0cefa4353bc8f52c9e26c0bbce63610
Size: 77824 Bytes
VirIT: Trojan.Win32.PSWStealer.BZE
IOC:
e0cefa4353bc8f52c9e26c0bbce63610
p://euromopy[.]tech
p://alphastand[.]trade/alien/fre.php
p://kbfvzoboss[.]bid/alien/fre.php
PWStealer
pagamento.exe
MD5: 3a0b51389b0dec543e1c07273374d3ba
Size: 615424 Bytes
VirIT: Trojan.Win32.PSWStealer.BZH
MPupanGFrEYvXNWrma5.exe
MD5: 81810bc28f0b6f7807430c28739e722a
Size: 49152 Bytes
VirIT: Trojan.Win32.Genus.BZH
IOC:
3a0b51389b0dec543e1c07273374d3ba
81810bc28f0b6f7807430c28739e722a
Emotet
Fatture_GH0040_febbraio_2020_{RCPT.DOMAIN-1}.doc
MD5: 525f09b7e626bc4b4ae9b5651add05a6
Size: 273234 Bytes
VirIT: W97M.Emotet.BZH
createachannel.exe
MD5: 948c98a8c8662e283066922f48ebd0c3
Size: 241953 Bytes
VirIT: Trojan.Win32.Emotet.BZH
IOC:
525f09b7e626bc4b4ae9b5651add05a6
948c98a8c8662e283066922f48ebd0c3
s://9jabliss[.]com/oirxio/zlUgplO/
p://nvl.netsmartz[.]net/zod/gedkhogBs/
s://tbadl-ashtrakat[.]000webhostapp.com/wp-admin/3zru64pkg-eyke30v-432/
p://web23.s170[.]goserver.host/tmp/dz3c5ars-2zpnzzj69-298/
p://steakhouse42[.]site/tmp/mwh-vvrtz9kn-2692678/
RAT
saps.doc
MD5: 574466838a7711088fb70fae1ae9cacb
Size: 427602 Bytes
VirIT: W97M.Downloader.BZJ
ertrqvg.exe
MD5: 04246b8456c1e0682e4f3b7d286a939d
Size: 102912 Bytes
VirIT: Trojan.Win32.Kasidet.BA
IOC:
574466838a7711088fb70fae1ae9cacb
04246b8456c1e0682e4f3b7d286a939d
p://nurofenpanadol[.]su/tasks.php
Emotet
Form.rtf
MD5: c258f827282731ed61c672e501319b3f
Size: 215348 Bytes
VirIT: W97M.Emotet.BZJ
createachannel.exe
MD5: 83b0ea9176b595556a4db794c73ee3e1
Size: 491846 Bytes
VirIT: Trojan.Win32.Emotet.BZJ
IOC:
c258f827282731ed61c672e501319b3f
83b0ea9176b595556a4db794c73ee3e1
p://fastacompany[.]com/wp-includes/IErV82C/
p://finerbook[.]com/wp-admin/H2897/
p://foto-periodismo[.]com/wp-content/WmK574/
p://gadgetgi[.]com/wp-admin/bEd7912/
p://funatsu[.]biz/wp/RMEE429803/
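The listing above is only useful if it can be fed to detection tooling. As an added example (not code from TG Soft or C.R.A.M.), the Python script below turns a listing in this report's layout into a hunting list: it refangs the indicators (assuming that the report's "p://" and "s://" stand for http:// and https:// and that "[.]" stands for a dot), attributes each IOC to the family heading above it, treats an attachment name that follows an IOC block as the start of an entry with no heading (as with DHLMIL005215487402.02042020.exe above), and checks constructed proxy-log lines against the extracted C2 hosts by exact hostname rather than substring. The report excerpt and the log lines embedded in the script are constructed for the example.

```python
"""Turn a C.R.A.M.-style malspam IOC listing into a hunting list.
Added example, not TG Soft's code. Assumptions not stated on the page:
'p://' and 's://' mean 'http://' and 'https://', '[.]' means a dot;
the report excerpt and proxy-log lines below are constructed."""
import re
from typing import Iterable, List, Set, Tuple
from urllib.parse import urlsplit

FAMILIES = {"Emotet", "Ursnif", "LokiBot", "FormBook", "RAT", "PWStealer"}
MD5_RE = re.compile(r"[0-9a-f]{32}")
IP_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")
SCHEMES = {"p://": "http://", "s://": "https://"}      # assumed shorthand
SAMPLE_EXTS = (".exe", ".doc", ".xls", ".rtf", ".pdf")  # attachment names, not IOCs

# Constructed excerpt in the report's layout; the DHLMIL entry deliberately
# has no family heading, so its filename directly follows an IOC block.
SAMPLE_REPORT = """\
LokiBot
IOC:
05ae862d95759d6b44dcc6798cb8f25f
p://dealwithus[.]tk
p://alphastand[.]trade/alien/fre.php
DHLMIL005215487402.02042020.exe
MD5: cf13ae5f4fb0d986ee1d186064737741
IOC:
cf13ae5f4fb0d986ee1d186064737741
PWStealer
IOC:
3f0fd9c7f1bef9f3915423f43cc26d5c
108.161.187[.]74
Emotet
IOC:
s://hatbhutantour[.]com/wp-content/3Wu/
"""

# Constructed proxy log: timestamp, client, method, URL, status.
SAMPLE_PROXY_LOG = """\
2020-02-04T10:12:03Z 10.1.2.3 GET http://alphastand.trade/alien/fre.php 404
2020-02-04T10:12:09Z 10.1.2.3 GET https://www.example.org/ 200
2020-02-04T10:13:41Z 10.1.2.7 GET http://108.161.187.74/gate.php 200
"""


def refang(token: str) -> str:
    """Undo the defanging so values compare directly with live logs."""
    token = token.replace("[.]", ".")
    for short, full in SCHEMES.items():
        if token.startswith(short):
            return full + token[len(short):]
    return token


def classify(value: str) -> str:
    """md5 / url / ip / domain, 'file' for an attachment name, else 'end'."""
    if MD5_RE.fullmatch(value):
        return "md5"
    if value.lower().endswith(SAMPLE_EXTS):
        return "file"
    if "://" in value and " " not in value:
        return "url"
    if IP_RE.fullmatch(value):
        return "ip"
    return "domain" if "." in value and " " not in value else "end"


def parse_iocs(text: str) -> List[Tuple[str, str, str]]:
    """Yield (family, kind, value); an attachment name after an IOC block
    starts a new entry whose family is unknown ('unlabelled')."""
    iocs: List[Tuple[str, str, str]] = []
    family, in_block = "unlabelled", False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in FAMILIES:
            family, in_block = line, False
        elif line == "IOC:":
            in_block = True
        elif in_block:
            value = refang(line)
            kind = classify(value)
            if kind == "file":
                family, in_block = "unlabelled", False
            elif kind == "end":
                in_block = False
            else:
                iocs.append((family, kind, value))
    return iocs


def hosts_of(iocs: List[Tuple[str, str, str]]) -> Set[str]:
    """Collapse URLs, IPs and domains into one set of lowercase hostnames."""
    hosts: Set[str] = set()
    for _, kind, value in iocs:
        host = urlsplit(value).hostname if kind == "url" else value
        if kind in ("url", "ip", "domain") and host:
            hosts.add(host.lower())
    return hosts


def hunt(log_lines: Iterable[str], hosts: Set[str]) -> List[Tuple[str, str]]:
    """Exact-host match of each request's URL against the IOC hosts."""
    hits: List[Tuple[str, str]] = []
    for line in log_lines:
        urls = [f for f in line.split() if "://" in f]
        host = (urlsplit(urls[0]).hostname or "").lower() if urls else ""
        if host in hosts:
            hits.append((host, line))
    return hits
```

Matching on the exact hostname (not a substring of the URL) keeps the shared LokiBot paths such as /alien/fre.php from producing hits on unrelated domains; the MD5 values collected by parse_iocs can be fed separately to an EDR or mail-gateway hash blocklist.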
See the January campaigns
We invite you to consult the January reports to stay up to date on the malspam campaigns circulating in Italy:
18/01/2020 = Weekly report on Italian malspam campaigns from 18 January to 24 January 2020
11/01/2020 = Weekly report on Italian malspam campaigns from 11 January to 17 January 2020
C.R.A.M.
Anti-Malware Research Centre of TG Soft