General
-
Target
https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.na4.echosign.com%252Fpublic%252FacceptGpsInvite%253Ftoken%253DCBNCKBAAHBCAABAAsWJCK97PCC3hG5KvDN7rkdxyFm9Fnrdi%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2Creauthenticated%2CAdobeID&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FEchoSign2%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.na4.echosign.com%252Fpublic%252FacceptGpsInvite%253Ftoken%253DCBNCKBAAHBCAABAAsWJCK97PCC3hG5KvDN7rkdxyFm9Fnrdi%26response_type%3Dcode&relay=f6090dcc-714b-4d56-b9c4-6798291d9669&locale=en_US&flow_type=code&dc=true&puser=jfritts%40lifeshareok.org&eu=true&dctx_id=adobe_document_cloud&idp_flow_type=login&reauthenticate=force&ab_test=signin-get-help&s_p=google%2Cfacebook%2Capple#/deeplink
-
Sample
220912-r9d6ysdeb8
Malware Config
Targets
-
-
Target
https://auth.services.adobe.com/en_US/deeplink.html?deeplink=ssofirst&callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fadobeid%2FEchoSign2%2FAdobeID%2Fcode%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.na4.echosign.com%252Fpublic%252FacceptGpsInvite%253Ftoken%253DCBNCKBAAHBCAABAAsWJCK97PCC3hG5KvDN7rkdxyFm9Fnrdi%26code_challenge_method%3Dplain%26use_ms_for_expiry%3Dtrue&client_id=EchoSign2&scope=openid%2Creauthenticated%2CAdobeID&denied_callback=https%3A%2F%2Fims-na1.adobelogin.com%2Fims%2Fdenied%2FEchoSign2%3Fredirect_uri%3Dhttps%253A%252F%252Fsecure.na4.echosign.com%252Fpublic%252FacceptGpsInvite%253Ftoken%253DCBNCKBAAHBCAABAAsWJCK97PCC3hG5KvDN7rkdxyFm9Fnrdi%26response_type%3Dcode&relay=f6090dcc-714b-4d56-b9c4-6798291d9669&locale=en_US&flow_type=code&dc=true&puser=jfritts%40lifeshareok.org&eu=true&dctx_id=adobe_document_cloud&idp_flow_type=login&reauthenticate=force&ab_test=signin-get-help&s_p=google%2Cfacebook%2Capple#/deeplink
Score10/10-
Detected adobe phishing page
-
Executes dropped EXE
-