General

  • Target

    48e3c8e836e665b453006a3a28c93783e36aeb4494d2644f4996309aaf393f0e

  • Size

    3.3MB

  • MD5

    4a61250bd5359bf9915412bfd0ad9b35

  • SHA1

    b20a47337aa708bf61d92e5822c217c89a36f2ac

  • SHA256

    48e3c8e836e665b453006a3a28c93783e36aeb4494d2644f4996309aaf393f0e

  • SHA512

    ec72cd150184b19f3577104ac1baa4042cb59c9790da4068aa67477083becfbb8223d1a000b08a1257d815261caeac84bf6909c50245e4d99ae079d1ff948e86

  • SSDEEP

    49152:JR9WAy2oEtip/ayDXRQaOmN7BdvV/v27cBHwnrERfFmfVHTBuLyn7pPEgFx8f1K2:pi2C/2vmN7bvR2/CFmxY+n1k1K2

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • 48e3c8e836e665b453006a3a28c93783e36aeb4494d2644f4996309aaf393f0e
    .pdf
    • https://www.intezer.com/blog-hiddenwasp-malware-targeting-linux-systems/

    • https://analyze.intezer.com/#/analyses/2d35f5f3-5be7-4df8-b125-c08b76d17616

    • https://analyze.intezer.com/#/analyses/3379a0d7-2fd9-46b0-90f8-86200a67c0fd

    • https://medium.com/chronicle-blog/winnti-more-than-just-windows-and-gates-e4f03436031a

    • http://www.china-forensic.com/ccfc/en/

    • https://github.com/chokepoint/azazel/search?q=HIDE_THIS_SHELL&unscoped_q=HIDE_THIS_SHELL

    • https://github.com/chokepoint/azazel/blob/master/config.py

    • https://github.com/jgamblin/Mirai-Source-Code/blob/master/mirai/bot/scanner.c#L963

    • https://github.com/yaoyumeng/adore-ng
