ThreatFox IOC Database

You are viewing the ThreatFox database entry for domain nyannewtoday.duckdns.org.

Database Entry


IOC ID: 303030
IOC: nyannewtoday.duckdns.org
IOC Type: domain
Threat Type: botnet_cc
Malware: AsyncRAT
Confidence Level: high (100%)
ASN: AS14061 DIGITALOCEAN-ASN
Country: US
First seen: 2022-01-19 17:42:39 UTC
Last seen: never
UUID: 327f9cb0-794f-11ec-8ab6-42010aa4000a
Reporter: AndreGironda
Reward: 5 credits from ThreatFox
Tags: N-W0rm, NW0rm
Reference: https://tria.ge/220119-vtepbsbhb4

AndreGironda
MITRE T1566.001
Date: Wed, 19 Jan 2022 06:00-06:30 -0800
Received: from smtp99.iad3a.emailsrvr.com (173.203.187.99)
X-Auth-ID: sharoncamarillo@softcom.net
Received: by smtp13.relay.iad3a.emailsrvr.com (Authenticated sender: sharoncamarillo-AT-softcom.net) with ESMTPA id EF9DE1904; Wed, 19 Jan 2022 09:25:43 -0500 (EST)
From: "Debbie"<sharoncamarillo@softcom.net>
Subject: Invoice Order #1ZERMOK82KLO1450KL
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0015_01C2A9A6.4803084E"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-Classification-ID: b918a098-8c39-491e-bee0-15e65ddfcf10-1-1
Message-ID: <f7b3a852-0a14-4624-8154-6478596ee780@BN8NAM11FT033.eop-nam11.prod.protection.outlook.com>
To: Undisclosed recipients:;
Return-Path: sharoncamarillo@softcom.net
Attachment Name: 1ZERMOK82KLO1450KL.zip
Attachment SHA256: 894b1ba472fba3761b5b0c3adda88b2994898f6fc3108d38ab62c8addff88f0b
Unzipped ISO Name: 1ZERMOK82KLO1450KL.iso
ISO SHA256: dcc4c921b2e9653ff46cdb06bbc39b01f37115ca990346dd4f96857135cb4762
Contained VBScript Name: 1ZERMOK82KLO1450KL.vbs
VBScript SHA256: e78187122c899922fa5967bb3950dbbdf31608758de38e63d10976901f939a39
Stage 1 URL: hXXp://3[.]141.31.43/1/Ps1LOEP[.]txt
HTA Stage SHA256: b1b74b26bc36c5feb537a4331000b021f676b25c25e022a3b839e0da4c528160
Stage 2 URL: hXXp://3[.]141.31.43/1/Serverkopl[.]txt