General
-
Target
Quarantined Messages (4).zip
-
Size
89KB
-
MD5
8fe1271ad7aecccac99e355cce1d6ab9
-
SHA1
181a8f30467efdadb90aa5e731e7e25a61df2172
-
SHA256
6953f3726a167c278bc81219ba6024db595c0b58f4a4314c9730e42d7fe648a5
-
SHA512
700c7bc07a82f601aaf35819d0c51281ce91db57d61ebf360a70020f56b9aa04cf65d67e2f61e8c39ab9d3a5e2b40f96296caef8abaecd92bc60e66a4ce20a72
-
SSDEEP
1536:nb+SXbYgfk1gtFnpSkCEER+AEg5xfIQHOjumRZN/VHe+il11s2UXXEK4Fw/3lapV:CGF/nCEg/fIQHYHPeXlw2UXqmSYbLGrF
Malware Config
Signatures
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
Quarantined Messages (4).zip
Password: infected
-
b30c1e15-2ae5-4392-65f2-08dc0bdcfc6d/2d97e674-dba4-cc7c-ad3e-e2417bb9ef09.eml
-
Beer Order Jan 2 2024.pdf
-
https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/index-banking.jsp
-
https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/apply-index.jsp
-
https://easyweb.td.com/waw/ezw/servlet/ca.tdbank.banking.servlet.LogoffServlet
-
https://nym1-ib.adnxs.com/click2?e=wqT_3QKaAfCBmgAAAAMAxBkFAQiBidKsBhCCt6Tot8awkDYYgdHAvfzanuQZIKyH2wcoqVQwqVQ4AkD05ai3AUj6hXNQAFoDVVNEYgNVU0Ro9AVwZnj05ZMBgAHrpQWIAQGQAQGYAQOgAQKpAfFo44i1-OQ-sQHxaOOItfjkPrkBAAAAQOF6hD_BAREUPMkB8WjjiLX45D7YAQDgAQA./s=b8209360f6ff311eec189af714e89b0fd2808e9f/bcr=AAAAAAAA8D8=/cnd=%21EhHcyQiSkM8ZEPTlqLcBGPqFcyAEKAAxAAAAAAAAAAA6CU5ZTTI6NjQxMUCtRUkAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw../cca=MTA3OTMjTllNMjo2NDEx/bn=86763/clickenc=https://www.td.com/ca/en/business-banking/merchant-solutions/pos-system/td-mobile-pos/?cm_sp=c000-20-1513
-
-
email-html-2.txt
-
email-plain-1.txt