A reader submitted a file, that turned out to be a mass mailer project file used by malicious actors. This malicious actor was not the only one mistakingly sending out their mass mailer project file: I found many other files. What follows is an overview of various fake email templates defined in these mass mailer project files. Some of them are very basic, while others look exactly like legitimate emails. I highlighted mailing variables ([[-Email-]], [[-Domain-]]) used in these templates.
Didier Stevens |
DidierStevens 640 Posts ISC Handler Oct 31st 2020 |
Thread locked Subscribe |
Oct 31st 2020 1 year ago |
Here are the SHA256 hashes of the MMP files I found on VirusTotal:
203a150599cc3ffdde11dfa8210060f2e55360606faf8dbba0c9e9b9dc231ccd c09f14afe0298a2960e98a69d408f2d9be4f94341816d200d41ac0c0c1f6588f 7f16e454caad2beae5d5d32e631bdfe9be5c7eddd38251069df689d9c0f6c6ce d75ffd7034e04fb949fd4f59347a0f6d1982359a48db29cb7e325703bcf37d0d c5b4fbd4b78cddf838518f84f2f760cc8cb4d7cdf37b0f15cbc695e043474242 396529f94187923776f84ce73bbc21e10b36af152127706a3c358f3918049520 da8ad30ad438fe6b8dc6aae855070f06a301679e896c59a27faf349b8557f552 366cae5bd4d507076aa9870c9dd5b1944d7308dcaf28d4271eb438874e4c7c18 ba2e8ef86d4f3280c34e9c56fa4b1549876d482ab72708ee6d02fee326ce4d19 343bc6503d93cecad8fd53ea4f940f0de1f836b8739385e0b320ef3cffef7eb5 91868bc73ad02433d1047a7d98314f2393e3a89c9dfd6305e25bf242c0d46cb6 a6c8844af6504705e9044cec93d9cd6d6a235627ba270312fd2ce21877d7f94d 33972d67569b4bec7960e09af45c94ccf2e64dab946a2e205660de9a32bf8be6 21ef063f2741deb7c64e337f3a9925dbb80149f4c828914647ded3f43d307084 eaf833cdbac8d061f0a06777a3d13a0680cf95d35514ee3afef0fe0471841b68 |
Anonymous ISC Handler |
Quote |
Nov 2nd 2020 1 year ago |
Sign Up for Free or Log In to start participating in the conversation!