~/pills/emotet.md

Disclaimer

File ricevuto per posta in data 24/05/2022
Analisi effettuata in data 24/05/2022

Pattern

Doc 2405.zip > Doc 2405.xls > download DLLs > regsvr32

URLs
  1. https://bosny.com/aspnet_client/NGTx1FUzq – ONLINE
  2. https://www.berekethaber.com/hatax/c7crGdejW4380ORuxqR – OFFLINE
  3. https://bulldogironworksllc.com/temp/BBh5HHpei – ONLINE
Out file
  1. d97a7ad99d03d6e71460ea1d070aabc6 dxKhiFyiYY.dll
  2. NONE
  3. 40d36d444e78be05e5aa2d642bea40bf cOdKQViudamr.dll
C2
  1. 37.44.244.177:8080 – OFFLINE
  2. 160.16.143.191:7080 – OFFLINE
  3. 165.22.73.229:8080 – ONLINE
  4. 196.44.98.190:8080 – ONLINE

Lascia un commento