General
-
Target
Mail.Detailsview#.92713570.pdf
-
Size
172KB
-
MD5
173001a76322f13c8bc5bd7dc139fd80
-
SHA1
a4814a761c251600be096bc7df5d3117c8dc8313
-
SHA256
cd7f7aec3ee28daa6501a036d9916d62f182446f21c33ac6ffa3166cc3927d54
-
SHA512
b4ffd214cb23b363da1ae7a503934f5aa35e3c12179d325e3727ba35d445c1f84aa0b37eeca318d34683521908d3879822b9e18bce7b3f5dee51cad4c3d541f6
-
SSDEEP
3072:BdDzkjnfLLRWB4FfDZjClholE2zg/Jugdu8ZwqUn51Fnc6hZ1JLRL3XKBSi:BdDzMnfL91Ff1ClUBc/JfU8ZwBn5fhZm
Malware Config
Signatures
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
Mail.Detailsview#.92713570.pdf
-
http://wsoftware.biz/v?opparams=%253F&dsh=S660310599939196015643450627928&app_domain=https%3A%2F%2Fauth0.openai.com&client_id=799222349882-ne3i0s9jdm5s0p7ll2d7tlsi1vc1halt.apps.googleusercontent.com&continue=https%3A%2F%2Faccounts.google.com%2Fsignin%2Foauth%2Fconsent%3Fauthuser%3Dunknown%26part%3DAJi8hAOdS1X1LiYgwLX2cXGGbp7qVSLC342s0uieUL4uI_ASCH5ERyhCIID5hlF8EZUKEvq5uI8GIH0XSrL8MMYqdTElBb7plcK3x4TM9MwAkJtHyGfIgwCCw8pj1qSu_NB-kH0GAuTyFn6_rfMDzEhBR_PbddH_T71niYs_t0-5ClH85OhIeRE3pGQuwEvcFqkW18-enLfVKpK3XUARMeant7RIX9BqVP14TNYScCbDZO40sJfQfF1ox-DItRDOlfhEmUUm1ZdhmLDbK5QwJL-HGLT3ScUQCSjTF1S5dlNZ3wk9hGBuTB_NE7zBVmZI6tms23mzRBG94wSdAxpZFJP1W3zUCBGigneJ5JZ2z4FlZ7VqvR8dOW9zfOvuRreVjV1uxTyT21eKBvXP7NNXwL3jsDXRWRM0zR0DnmvuSSw5t-ZbCQNy6X1VGqoAbbg4V7XNrUSPJzsuvsUaG1ExLePAMJYTEX9Knw%26as%3DS352542799%253A1694021821681928%26client_id%3D799222349882-ne3i0s9jdm5s0p7ll2d7tlsi1vc1halt.apps.googleusercontent.com%23&flowName=GeneralOAuthFlow&o2v=1&prompt=login&rart=ANgoxcdE44trpKQS5xOMPdAEgMq9UzasGFL0bwMDgm1_zTXa40FlFehfYE3v1XX-NJbJf6KpO-75adJbrY8_FnWkdiaOyGltkw&redirect_uri=https%3A%2F%2Fauth0.openai.com%2Flogin%2Fcallback&response_type=code&scope=email+profile&service=lso&state=iX418Zd61jrJZht5KXNZ6dAsV7F3cMPZ
-