Resubmissions

21/07/2023, 05:59

230721-gp7bwscc24 1

21/07/2023, 02:31

230721-cz3n8scd31 10

General

  • Target

    phishing.zip

  • Size

    420KB

  • MD5

    bd6ee3bf0a1518fd29d0152d5b3c0340

  • SHA1

    ae5f86df4e0cbc9a0d74e2d2137376ab82e7d832

  • SHA256

    b0cc77d9e23a3bb9f9499741b6d36f512eda51082e2504fd758596bb164fec28

  • SHA512

    120367807088ece5b42f4db9405348e025dfd7f996b932bb698182c1ee7df8acbc1c0b477d83c265f84eb37393e79e854d7cab05fac3e5574d90973e03383c61

  • SSDEEP

    12288:GPVLIktCSRp2FMbvWFqMWDMxeCVw1cZWNEhtxbN82GBX:iLJCSRwSM+CV3bSBX

Score
1/10

Malware Config

Signatures

Files

  • phishing.zip
    .zip

    Password: sS29c#$NNJ86$G

  • DOC #2837_0888 For July INV Received.msg
    .msg

  • July invoice.xlsx
    .xlsx office2007
  • POTENTIALLY SUSPICIOUS 2938783-09888 July Tax Inv Received.msg
    .msg
    • http://aliansaonline.com

    • http://dcc.com

  • July invoice.xlsx
    .xlsx office2007