General
-
Target
Quarantined Messages (4).zip
-
Size
72KB
-
MD5
876a1a848daeba1cbebcb3b840b21e42
-
SHA1
1e11f20d0911474e8bd0bb2d58f9f9fdb9da95a8
-
SHA256
a79d63375d0b2c83421c52dcaced7751b92bd2690535a766b59369dfd7e446ff
-
SHA512
59622affa052a34bc4a88104643ddd90b5e52a7c5b0ce819d189d44a2e77d6150e6ac91c70470ad22976aa3bb43359b37fa97324eb097718745a235f645dfa43
-
SSDEEP
1536:n+lanzkDJkpXHycHLbaZ3YIUY4UZqe2MsWseMgxfarvcrWY3:n+kzkDcHycHLUowqeRsWsedabS3
Malware Config
Signatures
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
Quarantined Messages (4).zip
Password: infected
-
2f72d538-6f35-4267-d131-08dba7d9d642/ced88ec1-f107-5a6b-b2c5-eea12ed64221.eml
-
http://www.carletongolf.com/
-
http://www.carletongolf.com
-
https://www.facebook.com/carletongolfandyachtclub/
-
https://twitter.com/carleton_golf
-
https://www.instagram.com/carletongolf
-
-
Pay Canadian Bills.pdf
-
https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/index-banking.jsp
-
https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/apply-index.jsp
-
https://easyweb.td.com/waw/ezw/servlet/ca.tdbank.banking.servlet.LogoffServlet
-
-
email-html-2.txt
-
email-plain-1.txt
-
image001.jpg
-
image002.png
-
image003.png
-
image004.png