Behavioral task: behavioral1
Sample: ad2a06733924d1fde4e795062b1a47ed11aa6f8c9c139f6007babc2b3a1aa452.pdf
Resource: win7-20230831-en

Behavioral task: behavioral2
Sample: ad2a06733924d1fde4e795062b1a47ed11aa6f8c9c139f6007babc2b3a1aa452.pdf
Resource: win10v2004-20230915-en

General
Target: 11868402409.zip
Size: 45KB
MD5: 5ea138f1cfb61b6ca00b964e304cf16a
SHA1: cf44287fc24cd41b104b7cd4bdbac6c8b8dafd8e
SHA256: e71c1041b9d9e60b4d746168a2d4032dae0b009e63e74537a27b696183ca8c0c
SHA512: fbf90cd511a218e462494e382fbc0f9c9957dd825fb1fb50a8a5fb25cf742c2ba80884b06211be203a00b2e707c9c1301f185686a5703e21c73fb08ea1dafeca
SSDEEP: 768:ZT7LojEei6zZ1GlPOMk1oQW3x12zo66MFZFNqo2KRUkfubedIxKYI6vZBXcsJJwv:Z7o5Nz6V3k4BFUFR2Km0ry2aZBcsPbO

Malware Config

Signatures
HTTP links in PDF interactive object (1 IoCs)
Detects HTTP links in interactive objects within PDF files.
resource: static1/unpack001/ad2a06733924d1fde4e795062b1a47ed11aa6f8c9c139f6007babc2b3a1aa452
yara_rule: pdf_with_link_action

Files
11868402409.zip.zip
Password: infected

ad2a06733924d1fde4e795062b1a47ed11aa6f8c9c139f6007babc2b3a1aa452.pdf
Password: infected

https://g0gi7yy3ov6420ef63dd98b.tanmah.ru/
https://ancolaw-1318439371.cos.na-siliconvalley.myqcloud.com/ancolaw.html
https://bettorcafe.sa.com/zht/Archive