General
-
Target
fwd3259q123v (1).zip.7z
-
Size
1.3MB
-
MD5
d282c2c418fb6c565665ad6cdfce9267
-
SHA1
53bb3e8b4135953c91c1f96072bf18c0b6b2eabd
-
SHA256
0712bc1bc6e9699965bd1c4f831620864e3fe9bcb97d5598138e9c176bfdac91
-
SHA512
f220c310070c9587c42b8ed68b643bb4bb6498dc06259c5605a277c4626df7142c3dee3f040382a8b6ea1faa1d3a3ee38bb687ad80c60c337a847ec3a16d6a1b
-
SSDEEP
24576:hbrD63m1ig1vIcgkQjuWSMYw5b+hSiZ+LLLB85J3deBagMRZIHEZ0OigBz5Q70UW:hfu3m1PI/gWpj5ihSoeLK5t8B6ZF9ige
Malware Config
Signatures
-
HTTP links in PDF interactive object 2 IoCs
Detects HTTP links in interactive objects within PDF files.
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
fwd3259q123v (1).zip.7z
Password: infected
-
fwd3259q123v (1).zip
Password: infected
-
FC0015360_0042910545248.pdf
Password: infected
-
https://www.statefarm.com/claims/claims-help
-
http://www.statefarm.com/?cmpid=em:formscorr:selfserv
-
http://iaai.com
-
http://en-USwww.statefarm.com/claims/claims-helpen-US
-
http://en-USstatefarm.com
-
-
FC0015363_0042663219444.pdf
Password: infected
-
http://www.dfs.ny.gov/consumer/fileacomplaint.htm
-
http://www.statefarm.com/?cmpid=em:formscorr:selfserv
-
http://www.dfs.ny.gov/consumer/fileacomplaint.htmen-US
-
http://en-USstatefarm.com
-
-
NY TItle - Customer Sample.pdf
Password: infected
-
UPS Label For Signed Title.pdf
Password: infected
-
Vehicle Evaluation.pdf
Password: infected
-
http://nicb.org
-
-
image001.png
Password: infected
-
image002.png
Password: infected