General

  • Target

    [Phish Alert] Koffie.eml

  • Size

    413KB

  • MD5

    50b7710e854154ad865573e80153a4b2

  • SHA1

    7a320b6aa14fee1667aa23181df9501d84d18c1f

  • SHA256

    d37ad1e7615cc574ee98e5181247fc01855a2f20879425b27b36173477386bc4

  • SHA512

    9c6fc4e71cda5c6c9b03dc25c9acc65b61ab25ddbb42fa741cf881198f79ab851796fbd21f1f866b440abbc90c881361403b23b3a8f3d6102cdd5414e0c61bf9

  • SSDEEP

    6144:SOQj7uL+Q/mzLFm5bxnt79LnaWVes+o4KUojRq9NDTAMmIOxtDqOR:S7OmzMFxnt70Rfp/KRq3fnXOR

Score
4/10

Malware Config

Signatures

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • [Phish Alert] Koffie.eml
    .eml

    Password: infected

  • email-html-2.txt
    .html
  • email-plain-1.txt
  • phish_alert_sp2_2.0.0.0.eml
    .eml

    Password: infected

  • attachment-2
    .eml

    Password: infected

  • email-html-1.txt
    .html
  • attachment-3
    .eml

    Password: infected

  • email-html-1.txt
    .html
  • attachment-4
    .eml

    Password: infected

  • email-html-1.txt
    .html
  • attachment-5
    .eml

    Password: infected

  • attachment-2
    .pdf

    Password: infected

    • https://noordwestziekenhuis-prod.planoncloud.com/case/BP/PUB_BS002?3

    • https://bijzijn.nwz.nl/

    • https://bijzijn.nwz.nl/Project/storingenonderhoud/

    • http://nwz.nl

  • email-html-1.txt
    .html
  • email-html-1.txt
    .html