Continuing the series on double-archived malicious JavaScript attachments delivered in very sloppy malware campaigns, the indicators below were collected and checked for August.
Sender IP addresses
59.124.187.50
36.239.16.228
223.29.225.63
113.195.163.28
52.54.181.27
5.250.193.0
188.16.126.64
IP addresses contacted by the attachment
78.85.240.218
36.239.16.228
47.89.241.198
URLs
photographyconsult.men/support.php?f=1.dat
videosalt.men
groovetable.trade
http://playvilla.men/admin.php?f=1.dat
hallvilla.win
scenetavern.win
http://soundgoodhj.info/admin.php
http://soundgoodhj.info/admin.php?f=1.dat
http://grooveterrace.win/admin.php?f=3
Attachments SHA256
90572911e7c82d47f3f89929f7d8d37bc6d863efd29d1519f83a1312de6a37b1
83a10e8ad943bd59576e5428d47ff2dc0343e085db773b26921cbf5d350ea2e5
e7e4a9ac749608ea9744f52f100951863c6c1bfc8ee5033b0d76d355a9b7c9aa
d81b5f3955b840769b5e0714e50d50414ddc1788f185a9f263cbb65edfe37e7c
e0a06b18eaae92d00302597a46001851e4904fa08690429cae205244d037b3f9
cef380024666fa131095759fba66e7e66d5bace0fa45d2810a426246d352fc89
Attachments online analysis
https://www.virustotal.com/en/file/90572911e7c82d47f3f89929f7d8d37bc6d863efd29d1519f83a1312de6a37b1/analysis/1503226669/
https://www.hybrid-analysis.com/sample/90572911e7c82d47f3f89929f7d8d37bc6d863efd29d1519f83a1312de6a37b1?environmentId=100

https://www.virustotal.com/en/file/83a10e8ad943bd59576e5428d47ff2dc0343e085db773b26921cbf5d350ea2e5/analysis/1503226442/
https://www.hybrid-analysis.com/sample/83a10e8ad943bd59576e5428d47ff2dc0343e085db773b26921cbf5d350ea2e5?environmentId=100

https://www.virustotal.com/en/file/e7e4a9ac749608ea9744f52f100951863c6c1bfc8ee5033b0d76d355a9b7c9aa/analysis/1503226296/
https://www.hybrid-analysis.com/sample/e7e4a9ac749608ea9744f52f100951863c6c1bfc8ee5033b0d76d355a9b7c9aa?environmentId=100

https://www.hybrid-analysis.com/sample/d81b5f3955b840769b5e0714e50d50414ddc1788f185a9f263cbb65edfe37e7c?environmentId=100
https://www.virustotal.com/en/file/d81b5f3955b840769b5e0714e50d50414ddc1788f185a9f263cbb65edfe37e7c/analysis/1502638323/

https://www.hybrid-analysis.com/sample/e0a06b18eaae92d00302597a46001851e4904fa08690429cae205244d037b3f9?environmentId=100

https://www.virustotal.com/en/file/cef380024666fa131095759fba66e7e66d5bace0fa45d2810a426246d352fc89/analysis/1503225794/
https://www.hybrid-analysis.com/sample/cef380024666fa131095759fba66e7e66d5bace0fa45d2810a426246d352fc89?environmentId=100