Overview

overview

5

Static

static

4

triage-rep...ro.zip

windows7-x64

1

triage-rep...ro.zip

windows10-2004-x64

1

triage-rep...C].pdf

windows7-x64

1

triage-rep...C].pdf

windows10-2004-x64

1

triage-rep...dy.txt

windows7-x64

1

triage-rep...dy.txt

windows10-2004-x64

1

triage-rep...rs.eml

windows7-x64

5

triage-rep...rs.eml

windows10-2004-x64

3

triage-rep...aw.eml

windows7-x64

5

triage-rep...aw.eml

windows10-2004-x64

3

[RBC].pdf

windows7-x64

1

[RBC].pdf

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

triage-rep...ls.txt

windows7-x64

1

triage-rep...ls.txt

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    triage-report_16544-rbcsupportclient_AT_alboconstruct_ro.zip

  • Size

    55KB

  • MD5

    f7032d7cb9b3c76a27038e81626e3834

  • SHA1

    f6bf016f7f07a4e40f0aec69955161c40798cead

  • SHA256

    b83991e60274d3a77fc727e22b18cded0a11919f67371d9f74366785a4ae5ea7

  • SHA512

    8c4b5b642987bb19fc1cf80ed97c6b69aa7eec30405d6edff6ecf90754f8368dae4d3d75f835edfcce84a41da36553bf241538495c4671f74a1576938a9d5179

  • SSDEEP

    1536:dZyS0+L6Lt4QLD1uTTAIgKrG2LqEPuz5I:dZ90B8Tc2rGD8uz5I

Score
4/10
pdflink

Malware Config

Signatures

  • HTTP links in PDF interactive object 2 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • triage-report_16544-rbcsupportclient_AT_alboconstruct_ro.zip
    .zip
  • triage-report_16544-rbcsupportclient_AT_alboconstruct_ro/attachments/[RBC].pdf
    .pdf

    • http://8.219.103.53/confirmation

  • triage-report_16544-rbcsupportclient_AT_alboconstruct_ro/body.txt
  • triage-report_16544-rbcsupportclient_AT_alboconstruct_ro/headers.txt
    .eml
  • triage-report_16544-rbcsupportclient_AT_alboconstruct_ro/raw.eml
    .eml
  • [RBC].pdf
    .pdf

    • http://8.219.103.53/confirmation

  • email-plain-1.txt
  • triage-report_16544-rbcsupportclient_AT_alboconstruct_ro/urls.txt