Spanish malspam
Malicious website targeting Spanish internet users, serving a malicious payload
Malspam 📧 targeting Spanish users 🇪🇸
Email ➡️ geo filter ➡️ mediafire ➡️ iso ➡️ vbs
1st stage - geo filter 🛑
vmi3228488.contaboserver .net Contabo 🇩🇪
2nd stage - payload 📄
🌐 urlhaus.abuse.ch/url/3824487/
Dropped iso:
bazaar.abuse.ch/sample/faaa4...
Botnet C2:
📡 54.197.208.68 Amazon 🇺🇸