Overview

overview

3

Static

static

3

PastedGraphic-1.ps1

windows7-x64

3

PastedGraphic-1.ps1

windows10-2004-x64

1

payment 12...24.pdf

windows7-x64

1

payment 12...24.pdf

windows10-2004-x64

1

Resubmissions

13/03/2024, 14:50

240313-r7ysksff71 3

13/03/2024, 14:39

240313-rz9vwahb95 3

Sharing

Copy URL Twitter E-mail

General

  • Target

    Quarantined Messages (29).zip

  • Size

    281KB

  • MD5

    32c04d2976f0bf2e114ca2fe1ebbd020

  • SHA1

    61f7a6ab95f536bf21163e42e4115523bfb19a43

  • SHA256

    f6a83ebd2ad38f63c00b3d01dc7157f525b71439b2eb6bf74cd64c5965f3546c

  • SHA512

    7137c27c04d1169319b814ba945aebe637207e754fa805e7f6962c5d21e0db512fe2c055c6ccc3ae4c3ae8e43aa77341d87a19ddb86e30ffc40fc644f76ca37a

  • SSDEEP

    6144:cSq71HLCLXI8tfbtGxlZ/f2RG6co5eIG58jSxXRca1JBL:bq7eI8BbtGx7fo5XS7B

Score
3/10
pdflink

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • Quarantined Messages (29).zip
    .zip

    Password: infected

  • ff9df4b1-cb7c-4735-94d1-08dc420c9f44/c5b2751c-30b1-a264-016e-31f7169f040e.eml
    .eml

    Password: infected

    • http://www.electricdinerhamilton.com

  • PastedGraphic-1.pdf
    .pdf .ps1 polyglot
  • email-html-2.txt
    .html
  • email-html-3.txt
    .html
  • email-html-4.txt
    .html
  • email-plain-1.txt
  • payment 1268075 03112024.pdf
    .pdf

    Password: infected

    • https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/index-banking.jsp

    • https://easyweb.td.com/waw/ezw/servlet/com.td.easyweb.servlet.InfositeTransferOutServlet?RequestedPage=products-services/banking/apply-index.jsp

    • https://easyweb.td.com/waw/ezw/servlet/ca.tdbank.banking.servlet.LogoffServlet