IOC Report
EFT Payment Notification - May 2_ 2024.eml

Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| EFT Payment Notification - May 2_ 2024.eml | RFC 822 mail, ASCII text, with very long lines (347), with CRLF line terminators | initial sample | |
| C:\Users\user\AppData\Local\Microsoft\FORMS\FRMCACHE.DAT | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\16.0\WebServiceCache\AllUsers\officeclient.microsoft.com\48F943CC-973B-4082-A517-9598C5352480 | XML 1.0 document, ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-shm | data | dropped | |
| C:\Users\user\AppData\Local\Microsoft\Office\OTele\outlook.exe.db-wal | SQLite Write-Ahead Log, version 3007000 | modified | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715106546336901500_EAA4BB55-280F-43F0-9D13-E22B7C7813F4.log | ASCII text, with very long lines (28760), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\Diagnostics\OUTLOOK\App1715106546339351700_EAA4BB55-280F-43F0-9D13-E22B7C7813F4.log | data | dropped | |
| C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_16827_20130-20240507T2029060142-6336.etl | data | modified | |
| C:\Users\user\AppData\Roaming\Microsoft\Office\MSO3072.acl | data | dropped | |
| C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst | Microsoft Outlook email folder (>=2003) | dropped | |
| C:\Users\user\Documents\Outlook Files\~Outlook Data File - NoEmail.pst.tmp | data | dropped | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 52.113.194.132 | unknown | United States | |
| 52.109.52.131 | unknown | United States | |
| 20.189.173.7 | unknown | United States | |