General

  • Target

    Quarantined Messages (33).zip

  • Size

    90KB

  • MD5

    ec97a43001c65a48c99e46010ffa439c

  • SHA1

    6f936487b5594a7dd92931176f55a38cb8a40fd6

  • SHA256

    5b131269a128c645b34e5f0b2283afad3f3d2e8db09e58fad18c462a2cc720a7

  • SHA512

    40351af2364cb4271474e52267fdb88348c7402707f0bbe0f83125e06579bf6c70fcd404eaad583b08b1d9ec3b89a874a6214b1d10ba022dc6a91dcb00109998

  • SSDEEP

    1536:gZ/icO8IuBvnR7OeCL8IvQ/wvsk8HH3CSdbJxfIqA5LkWRzRsnWOE01Gd1HR5xas:gZ/LvXBvYiGSI1gHbdFxfIl5LkUzenR8

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.
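The signature above is a simple static check: the sandbox walks the PDF's link annotations and reports any `/URI` value that starts with `http://` or `https://`, which is exactly what produced the four URLs listed under the `BStore240423.pdf` entry below. The following is an added example of that check, written for this page and not the sandbox's own signature code. It scans the raw file for `/URI` entries (literal and hex strings), and also inflates every `FlateDecode` stream so that link dictionaries stored in compressed streams are not missed. The sample PDF is constructed inline; it reuses one td.com URL from the report's file list and adds two constructed `example.com` links. All function names are this example's own.

```python
import re
import zlib
from typing import List

# A /URI value is either a literal string "(...)" with backslash escapes
# or a hex string "<...>". Both forms appear in real link annotations.
URI_RE = re.compile(rb"/URI\s*(\((?:[^()\\]|\\.)*\)|<[0-9A-Fa-f\s]*>)")
# Raw stream bodies; only those that inflate with zlib are rescanned.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)

_ESCAPES = {b"n": b"\n", b"r": b"\r", b"t": b"\t",
            b"(": b"(", b")": b")", b"\\": b"\\"}


def decode_pdf_string(token: bytes) -> str:
    """Decode a PDF literal "(...)" or hex "<...>" string token to text."""
    if token.startswith(b"<"):
        hexdigits = re.sub(rb"\s", b"", token[1:-1])
        if len(hexdigits) % 2:          # PDF pads an odd final digit with 0
            hexdigits += b"0"
        return bytes.fromhex(hexdigits.decode("ascii")).decode("latin-1")
    body = token[1:-1]
    out = bytearray()
    i = 0
    while i < len(body):
        c = body[i:i + 1]
        if c == b"\\" and i + 1 < len(body):
            nxt = body[i + 1:i + 2]
            if nxt in _ESCAPES:          # \( \) \\ \n \r \t
                out += _ESCAPES[nxt]
                i += 2
                continue
            m = re.match(rb"[0-7]{1,3}", body[i + 1:i + 4])
            if m:                        # \ddd octal escape
                out.append(int(m.group(0), 8) & 0xFF)
                i += 1 + len(m.group(0))
                continue
            out += nxt                   # unknown escape: keep the char
            i += 2
            continue
        out += c
        i += 1
    return out.decode("latin-1")


def candidate_blobs(pdf: bytes) -> List[bytes]:
    """The raw file plus every stream body that inflates with zlib."""
    blobs = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:
            blobs.append(zlib.decompress(m.group(1)))
        except zlib.error:               # not Flate, or encrypted/garbled
            pass
    return blobs


def extract_uris(pdf: bytes) -> List[str]:
    """All distinct /URI targets, in order of first appearance."""
    seen, uris = set(), []
    for blob in candidate_blobs(pdf):
        for m in URI_RE.finditer(blob):
            uri = decode_pdf_string(m.group(1))
            if uri not in seen:
                seen.add(uri)
                uris.append(uri)
    return uris


def has_http_links(pdf: bytes) -> bool:
    """The signature: at least one http:// or https:// link target."""
    return any(u.lower().startswith(("http://", "https://"))
               for u in extract_uris(pdf))


def build_sample_pdf() -> bytes:
    """Constructed sample, not the BStore240423.pdf from the report."""
    td_link = (b"1 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI "
               b"(https://easyweb.td.com/waw/ezw/servlet/"
               b"ca.tdbank.banking.servlet.LogoffServlet) >> >> endobj\n")
    # Literal string with escaped parentheses (constructed URL).
    esc_link = (b"2 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI "
                b"(http://example.com/a\\(b\\)c) >> >> endobj\n")
    # Hex string "http://example.com/login" inside a FlateDecode stream.
    inner = (b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI "
             b"<687474703a2f2f6578616d706c652e636f6d2f6c6f67696e> >> >>")
    packed = zlib.compress(inner)
    stream_obj = (b"3 0 obj << /Length " + str(len(packed)).encode()
                  + b" /Filter /FlateDecode >>\nstream\n" + packed
                  + b"\nendstream endobj\n")
    return (b"%PDF-1.4\n" + td_link + esc_link + stream_obj
            + b"trailer << /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    sample = build_sample_pdf()
    for u in extract_uris(sample):
        print(u)
    print("signature fires:", has_http_links(sample))
```

Two caveats a practitioner should keep in mind. First, this is a presence check, not a verdict: the four URLs in this report point at easyweb.td.com and at an adnxs ad-click redirect whose `clickenc` parameter lands on td.com, which is consistent with the low 3/10 score rather than with a phishing lure. Second, a byte-level scan cannot see into encrypted PDFs, streams with non-Flate or chained filters, or annotations that are only reachable through JavaScript actions; for those, a full parser is required.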

Files

  • Quarantined Messages (33).zip
    .zip

    Password: infected

  • 59941a4d-eea2-403e-56a2-08db44d4a746/beb31767-f6b1-63f3-eb0b-f3d03a2c7ef1.eml
    .eml
  • BStore240423.pdf
    .pdf
    • https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/index-banking.jsp

    • https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/apply-index.jsp

    • https://easyweb.td.com/waw/ezw/servlet/ca.tdbank.banking.servlet.LogoffServlet

    • https://nym1-ib.adnxs.com/click?8WjjiLX45D7xaOOItfjkPgAAAEDheoQ_8WjjiLX45D7xaOOItfjkPglDVfAEPFEw1h3Yim7xViKGmEZkAAAAAKzD9gApKgAAKSoAAAIAAADZE1QZ-sIcAAAAAABVU0QAVVNEAPQCZgD08gAAAAABAQMCAAAAAMgAGC1e3AAAAAA./bcr=AAAAAAAA8D8=/cnd=%21bRHF7gjvrcMaENmn0MoBGPqFcyAEKAAxAAAAAAAAAAA6CU5ZTTI6NDY4NkCxP0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw../cca=MTA3OTMjTllNMjo0Njg2/bn=88906/clickenc=https://www.td.com/ca/en/personal-banking/ways-to-bank/ways-to-send/international-money-transfer/td-global-transfer?cm_sp=c000-40-1080

  • email-html-2.txt
    .html
  • email-plain-1.txt