General

  • Target

    11868402409.zip

  • Size

    45KB

  • MD5

    5ea138f1cfb61b6ca00b964e304cf16a

  • SHA1

    cf44287fc24cd41b104b7cd4bdbac6c8b8dafd8e

  • SHA256

    e71c1041b9d9e60b4d746168a2d4032dae0b009e63e74537a27b696183ca8c0c

  • SHA512

    fbf90cd511a218e462494e382fbc0f9c9957dd825fb1fb50a8a5fb25cf742c2ba80884b06211be203a00b2e707c9c1301f185686a5703e21c73fb08ea1dafeca

  • SSDEEP

    768:ZT7LojEei6zZ1GlPOMk1oQW3x12zo66MFZFNqo2KRUkfubedIxKYI6vZBXcsJJwv:Z7o5Nz6V3k4BFUFR2Km0ry2aZBcsPbO

Score
4/10

Malware Config

Signatures

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • 11868402409.zip
    .zip

    Password: infected

  • ad2a06733924d1fde4e795062b1a47ed11aa6f8c9c139f6007babc2b3a1aa452
    .pdf

    Password: infected

    • https://g0gi7yy3ov6420ef63dd98b.tanmah.ru/

    • https://ancolaw-1318439371.cos.na-siliconvalley.myqcloud.com/ancolaw.html

    • https://bettorcafe.sa.com/zht/Archive