Void Rabisu Targets Female Political Leaders with New Slimmed-Down ROMCOM Variant

Network
====================================================================================================
URL                                      Description
hXXps://onedrive.live[.]com/?authkey=%21AAdO%2Di5%2DikrnuaA&id=79E2A760F4732317%21106&cid=79E2A760F4732317  OneDrive folder hosting ROMCOM downloader
wplsummit.com                            Fake WPL Summit 2023 page
https://mctelemetryzone.com/favicon.ico  Second stage downloader
netstaticsinformation.com                ROMCOM C&C
redditanalytics.pm                       ROMCOM modules
wirelessvezion.com                       Suspected ROMCOM C&C (CHECK)
budgetnews.org                           ROMCOM C&C
pap-cut.com                              Malware hosting
speedymarker.com                         SEO domain
kayakahead.net                           SEO domain

Files
====================================================================================================
SHA-256                                                           File name                                           Description
4f66d6ec70a49aaddb8018af1bf859284a6a4a27eb2615c80a32d5c7c156e476  Unpublished Pictures 1-20230802T122531-002-sfx.exe  First stage downloader
4299c16e11a725dd2ac9468c5c0aabf94ea5a90d2232810c19ba13b35b3708f9  favicon.ico                                         Second stage downloader (encrypted)
3c014d59cf22acbd062a4e2cab8cb8ede7127b6a69af9db45a7dcefde866369a  favicon.ico                                         Second stage downloader (decrypted)
41e995a8554fb6e4160d0e445856221ece2117a2b030012ead9efe76611bdc14  Security.dll                                        Third stage malware
d1ca5349da287dbb13a1ea2a2982d23e6ce34ed822baee7468ce1980a4179d42  OneDriveService.dll                                 Third stage malware
83448756a4cafbfd784d36add719cffa65b912e550d3a5fd63d407201c6ff94c  pcmf-installer-23.0.5.exe                           ROMCOM 3.0 downloader

Other notes
====================================================================================================
Elbor LLC (company name used to sign malware)