Static task
static1
Behavioral task
behavioral1
Sample
FW Your new benefits are waiting. .msg
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral2
Sample
FW Your new benefits are waiting. .msg
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral3
Sample
image001.png
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral4
Sample
image001.png
Resource
win10v2004-20230703-en
windows10-2004-x64
Behavioral task
behavioral5
Sample
image002.png
Resource
win7-20230712-en
windows7-x64
Behavioral task
behavioral6
Sample
image002.png
Resource
win10v2004-20230703-en
windows10-2004-x64
General
-
Target
FW Your new benefits are waiting. .msg
-
Size
177KB
-
MD5
ea87ace6b2b3aacdf16e443a04f213e4
-
SHA1
49650b2c34c7584b49cb9761aec41b931282e702
-
SHA256
fe7422f04e7cd73c7da9b613c32d1bb0af2533becf180d69348f8b3bca24e7d7
-
SHA512
2340974ab9a0f5571ec36547623ad36d16df53659f53f46fd26a2804c402864720b9c292f32306642d63546bffd3287a69b1e7ec2a2a605582652824f1b421d0
-
SSDEEP
3072:lH/4GzQ8TAl/4Q3E53JLTpMtUVIgeQhi:l/UVFY3JqtUV/e
Malware Config
Signatures
Files
-
FW Your new benefits are waiting. .msg.msg
-
http://Amazon.com
-
http://Hilton.com
-
http://HiltonHonors.com/MemberBenefits
-
http://h1.hilton.com
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Email2_Header1sec.gif
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Email2_Property_Animation_Once.gif
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Hilton_Social_Circle.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Perks_Amazon.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Perks_ChooseYourRoom.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Perks_DigitalKey.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Perks_Lyft.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/Perks_Points.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/Transactional/HonorsWelcome/Email1_NextSteps_Exclamation_breadcrumb_600.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/Transactional/HonorsWelcome/Email1_NextSteps_Exclamation_gift_600.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/Transactional/HonorsWelcome/Hilton_Honors_Logo_White.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/Transactional/HonorsWelcome/Profile_Icon_White.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/Transactional/HonorsWelcome/expert_tip_top.png
-
http://i.h1.hilton.com/wpm/666/ContentUploads/Transactional/template_spacer.gif
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771469&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEvy-EvWXDo-l9BDnTDGbC-1fRvRg&x=6192000360331250846%7c331250846%7c1867219410&hp2=aca87aeec1afa10fc839d3bf5533112757ff988dcbc63ea584e8b90f6c2dc5af
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771472&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEvz-EvWXDo-l9BDnTDGbC-1Wyadi&x=6192000360331250846%7c331250846%7c1867219410&hp2=5075c566193aff4c8803c0701b97366a435a4b5edf68e78e628af96240a9b684
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771473&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEvz-EvWXDo-l9BDnTDGbC-1Wyadi&x=6192000360331250846%7c331250846%7c1867219410&hp2=ba5b920fb08b1adf41a4436bbb13fe93ce71f9240446d56b37e9718b88d87125
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771474&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwC-EvWXDo-l9BDnTDGbC-1SRBeK&x=6192000360331250846%7c331250846%7c1867219410&hp2=14a895f3ae397b2b5cf591ceae117205cbda6e41cb6ef5604cdea0890eb71ea7
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771476&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwE-EvWXDo-l9BDnTDGbC-CE4QJ&x=6192000360331250846%7c331250846%7c1867219410&hp2=06a24a22d0132d3e86aaaf04620b52c5cb13b905dfc6359ca0d250bb7620f8e7
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771480&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwH-EvWXDo-l9BDnTDGbC-5glUe&x=6192000360331250846%7c331250846%7c1867219410&hp2=98206c3ab4633b2240cab410a02249b91841296a9317d8204e06f2b6d33ab247
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771482&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771483&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=173c075101142cf430b2396184dcdfcae0f924569db65c06dcec76010c1212e3
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771484&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=149c28dd0f9d540e9faaf216e1fa54af2741e05ee909f80389a0153d055c5427
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771485&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=63d58e97b15d9dd866efc1b7e4f764d051090c0896983668ee334cb5836acbd3
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771489&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410%[email protected]&hp2=b75bee6fa68adb247219213f032c39e77187cb21395e1604d7b8e35a70c20b13
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771490&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=0cb1f286464532a97e58dc7504d03e6348c3d6cb29093b6e693550326ab4319f
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771491&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=082e3d54e1765bf009c63fd4b24245ef030b906fdf7fd64c2705a334c6e1d591
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771492&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=4f6c8d0e14b90f1e5145d1563736f3e7a3c64ba85a8ca82ea86641903ce07b57
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771496&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwI-EvWXDo-l9BDnTDGbC-1Jc8KR&x=6192000360331250846%7c331250846%7c1867219410&hp2=0cf8ebaea75f207e8cd316062e904db35e8aac2d4a7055b53dc2521f29f72c58
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771498&tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco&x=6192000360331250846%7c331250846%7c1867219410%7c13675879085%7c144872&hp2=b3d007e22e2d19e8113f7386369f138ca12145ef6a649c4a5022d652f1704d24
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771499&tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco&x=6192000360331250846%7c331250846%7c1867219410%7c13675879085%7c144872&hp2=8da798c9117576913d858f936325278f4a377d823fc2c7c45809c51de01f13a6
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771501&tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco&x=331250846%7cEN%7c331250846%7c6192000360331250846%7c1867219410%7c13675879085%7c13675879085%7c144872&hp2=3f41f18a46750e7d36a8965c113dd26c21627a1078623af546139f5359fdcd5b
-
http://l.h1.hilton.com/rts/open.aspx?tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco
-
http://www.movable-ink-6437.com/p/cp/09e455d6740fe510/o.gif?mi_u=1678545695
-
http://www.movable-ink-6437.com/p/cp/5b4f2095ebd67379/o.gif?mi_u=1678545695
-
http://www.movable-ink-6437.com/p/cp/acbc26088c6b6c5d/o.gif?mi_u=1678545695
-
http://www.movable-ink-6437.com/p/rp/cbcd86bb8219bb81.png?mi_u=331250846&mi_language=EN&customerid=331250846&commhistid=6192000360331250846&hhonorsid=1867219410&mi_ign=13675879085
-
https://i.h1.hilton.com/wpm/666/ContentUploads/ALL_IMAGE_UPLOADS/images/301015_template_spacer.gif
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771469&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEvy-EvWXDo-l9BDnTDGbC-1fRvRg&x=6192000360331250846%7c331250846%7c1867219410&hp2=aca87aeec1afa10fc839d3bf5533112757ff988dcbc63ea584e8b90f6c2dc5af
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771472&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEvz-EvWXDo-l9BDnTDGbC-1Wyadi&x=6192000360331250846%7c331250846%7c1867219410&hp2=5075c566193aff4c8803c0701b97366a435a4b5edf68e78e628af96240a9b684
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771473&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEvz-EvWXDo-l9BDnTDGbC-1Wyadi&x=6192000360331250846%7c331250846%7c1867219410&hp2=ba5b920fb08b1adf41a4436bbb13fe93ce71f9240446d56b37e9718b88d87125
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771474&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwC-EvWXDo-l9BDnTDGbC-1SRBeK&x=6192000360331250846%7c331250846%7c1867219410&hp2=14a895f3ae397b2b5cf591ceae117205cbda6e41cb6ef5604cdea0890eb71ea7
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771476&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwE-EvWXDo-l9BDnTDGbC-CE4QJ&x=6192000360331250846%7c331250846%7c1867219410&hp2=06a24a22d0132d3e86aaaf04620b52c5cb13b905dfc6359ca0d250bb7620f8e7
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771480&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwH-EvWXDo-l9BDnTDGbC-5glUe&x=6192000360331250846%7c331250846%7c1867219410&hp2=98206c3ab4633b2240cab410a02249b91841296a9317d8204e06f2b6d33ab247
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771482&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771483&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=173c075101142cf430b2396184dcdfcae0f924569db65c06dcec76010c1212e3
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771484&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=149c28dd0f9d540e9faaf216e1fa54af2741e05ee909f80389a0153d055c5427
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771485&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=63d58e97b15d9dd866efc1b7e4f764d051090c0896983668ee334cb5836acbd3
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771489&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410%[email protected]&hp2=b75bee6fa68adb247219213f032c39e77187cb21395e1604d7b8e35a70c20b13
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771490&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=0cb1f286464532a97e58dc7504d03e6348c3d6cb29093b6e693550326ab4319f
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771491&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=082e3d54e1765bf009c63fd4b24245ef030b906fdf7fd64c2705a334c6e1d591
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771492&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwJ-EvWXDo-l9BDnTDGbC-2IsdR9&x=6192000360331250846%7c331250846%7c1867219410&hp2=4f6c8d0e14b90f1e5145d1563736f3e7a3c64ba85a8ca82ea86641903ce07b57
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771496&tp=i-1NHD-Ak-bge-EvWasv-1o-40NF5W-1c-yEwI-EvWXDo-l9BDnTDGbC-1Jc8KR&x=6192000360331250846%7c331250846%7c1867219410&hp2=0cf8ebaea75f207e8cd316062e904db35e8aac2d4a7055b53dc2521f29f72c58
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771498&tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco&x=6192000360331250846%7c331250846%7c1867219410%7c13675879085%7c144872&hp2=b3d007e22e2d19e8113f7386369f138ca12145ef6a649c4a5022d652f1704d24
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771499&tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco&x=6192000360331250846%7c331250846%7c1867219410%7c13675879085%7c144872&hp2=8da798c9117576913d858f936325278f4a377d823fc2c7c45809c51de01f13a6
-
http://l.h1.hilton.com/rts/go2.aspx?h=2771501&tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco&x=331250846%7cEN%7c331250846%7c6192000360331250846%7c1867219410%7c13675879085%7c13675879085%7c144872&hp2=3f41f18a46750e7d36a8965c113dd26c21627a1078623af546139f5359fdcd5b
-
https://s.h1.hilton.com/wts/WebEvent/SetCookie.gif?tp=i-1NGB-Ak-bge-EvWasv-1o-40NF5W-1c-EvWXDo-l9BDnTDGbC-2CVfco
-
http://txdot.gov
- Show all
-
-
image001.png.png
-
image002.png.png