Disclaimer
File received by email on 24/05/2022
Analysis performed on 24/05/2022
Pattern
Doc 2405.zip > Doc 2405.xls > download DLLs > regsvr32
URLs
- https://bosny.com/aspnet_client/NGTx1FUzq – ONLINE
- https://www.berekethaber.com/hatax/c7crGdejW4380ORuxqR – OFFLINE
- https://bulldogironworksllc.com/temp/BBh5HHpei – ONLINE
Out file
- d97a7ad99d03d6e71460ea1d070aabc6 dxKhiFyiYY.dll
- NONE
- 40d36d444e78be05e5aa2d642bea40bf cOdKQViudamr.dll
C2
- 37.44.244.177:8080 – OFFLINE
- 160.16.143.191:7080 – OFFLINE
- 165.22.73.229:8080 – ONLINE
- 196.44.98.190:8080 – ONLINE