FW_ Permit [.]eml | Triage

Resubmissions

01/09/2023, 08:38

230901-kjrk2adf3z 6

01/09/2023, 08:23

230901-kacerade7w 6

Sharing

Copy URL Twitter E-mail

General

Target

FW_ Permit .eml
Size

16.7MB
MD5

cb4426a67345cef68302d5963ab806e7
SHA1

58278756681f9eb02ed873429a3f5cb8df224d87
SHA256

27b9d4651254eb1d39070b95576e62a8f022ac3a78b765204a09c7c14994a0d2
SHA512

92f084db34cd902182c1ae8c43dfdf40d794748ce5cc60b3476fb2953a1f56258482cc9b11f40f73362cf6e79d4ad9687966a9a5b3fa2395f50ed9b81f75412b
SSDEEP

49152:ES2qFQxlcEQ2yAV0CvCIL55fxkZEq2W9ybjyMP4emebSQ6y0ZBGLmjD6Xcd7awty:O

Score

6^/10

pdf evasion link

Malware Config

Signatures

Malformed or missing cross-reference table in PDF
Malformed or missing cross-reference tables are often used to evade detection
pdf evasion

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

resource	yara_rule
static1/unpack001/Plumbing Permit 44176.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Files

FW_ Permit .eml
.eml
195 Christina St N - DWGS REviewed Approved.pdf
.pdf
195 Christina St N - PERMIT 2023-00196.pdf
.pdf
Plumbing Permit 44176.pdf
.pdf
- https://ontarioonecall.ca/
- https://ontarioonecall.ca
Untitled attachment 00288.txt
Untitled attachment 00291.txt
Untitled attachment 00294.txt
YellowInspectionList K21.pdf
.pdf
email-html-1.txt
.html