Overview

overview

8

Static

static

8

RM1CA00056...x.xlsx

windows7-x64

1

RM1CA00056...x.xlsx

windows10-2004-x64

1

RM1CA00056...x.xlsx

windows7-x64

1

RM1CA00056...x.xlsx

windows10-2004-x64

1

RM1CA00056...04.pdf

windows7-x64

1

RM1CA00056...04.pdf

windows10-2004-x64

1

RM1CA00056...x.xlsx

windows7-x64

1

RM1CA00056...x.xlsx

windows10-2004-x64

1

RM1CA00056...x.docx

windows7-x64

4

RM1CA00056...x.docx

windows10-2004-x64

1

RM1CA00056...m.xlsm

windows7-x64

1

RM1CA00056...m.xlsm

windows10-2004-x64

1

RM1CA00056...DF.pdf

windows7-x64

1

RM1CA00056...DF.pdf

windows10-2004-x64

1

RM1CA00056...1).pdf

windows7-x64

1

RM1CA00056...1).pdf

windows10-2004-x64

1

RM1CA00056...DF.pdf

windows7-x64

1

RM1CA00056...DF.pdf

windows10-2004-x64

1

RM1CA00056...DF.pdf

windows7-x64

1

RM1CA00056...DF.pdf

windows10-2004-x64

1

RM1CA00056...1).pdf

windows7-x64

1

RM1CA00056...1).pdf

windows10-2004-x64

1

RM1CA00056...DF.pdf

windows7-x64

1

RM1CA00056...DF.pdf

windows10-2004-x64

1

RM1CA00056...DF.pdf

windows7-x64

1

RM1CA00056...DF.pdf

windows10-2004-x64

1

RM1CA00056...x.xlsx

windows7-x64

1

RM1CA00056...x.xlsx

windows10-2004-x64

1

RM1CA00056...1).pdf

windows7-x64

1

RM1CA00056...1).pdf

windows10-2004-x64

1

RM1CA00056...0).pdf

windows7-x64

1

RM1CA00056...0).pdf

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    RM1CA00056-211.zip

  • Size

    31.3MB

  • MD5

    fb6f65b1012b0f98c504489ffee91faa

  • SHA1

    e25b118827ebdbdab64e19764273e6b69bf5a671

  • SHA256

    9237017ee1170400edcbbbf624da0bbd6f804153cfbe1d6bf2080747b8823a9a

  • SHA512

    2948c56acb74d180f075ff9981d0987d7862ca222b98efb9b3066c720f471a2df523b79049d2004a61f5075379a6e682426fd3f649a58d4d0d0ed1edd7cc5a07

  • SSDEEP

    786432:9msTd1FFpn6ZAC8C6D4P1/BXg6JXq/m52kfYCoxTrHhd+satET:9dvFbYAdf4/BXg21erH7nT

Score
8/10
pdflinkmacro

Malware Config

Signatures

  • Suspicious Office macro 1 IoCs

    Office document equipped with macros.

    macro
  • HTTP links in PDF interactive object 1 IoCs

    Detects HTTP links in interactive objects within PDF files.

    pdflink
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • RM1CA00056-211.zip
    .zip
  • RM1CA00056-211/(Auto) Southland Transit Loss Run Master File xlsx.xlsx
    .xlsx office2007
  • RM1CA00056-211/(WC) Southland Loss Run Master File xlsx.xlsx
    .xlsx office2007
  • RM1CA00056-211/154904.pdf
    .pdf

    • http://mcgriffinsurance.com

    • http://everestre.com

  • RM1CA00056-211/20-22 AUT Loss Runs Request on Southland Transit Inc.msg
    .msg .pdf polyglot

    • http://everestre.com

    • http://www.everestre.com

    • https://twitter.com/EverestIns

    • https://www.linkedin.com/company/everest-insurance-co

  • CorpLossRun - 2021-11-18T154312.421.PDF
    .pdf
  • CorpLossRun - 2021-11-18T154413.693.PDF
    .pdf
  • image001.png
    .png
  • RM1CA00056-211/2021 Estimated Payroll xlsx.xlsx
    .xlsx office2007
  • RM1CA00056-211/2D4A033C-2973-4FE0-8E6F-F74CFDF55077 docx.docx
    .docx office2007
  • RM1CA00056-211/Company Placement Tool xlsm.xlsm
    .xlsm office2007

    WCCoModule

    Sheet1

    ThisWorkbook

    Sheet2

    Sheet3

    Sheet4

    GLCoModule

    Sheet5

    Sheet6

    AutoCoModule

    Module1

    UserForm1

    Sheet7

    Module2

    UserForm2

    Sheet8

    Sheet10

  • RM1CA00056-211/CorpLossRun - 2021-11-18T154312 421 PDF.pdf
    .pdf
  • RM1CA00056-211/CorpLossRun - 2021-11-18T154312 421 pdf(1).pdf
    .pdf
  • RM1CA00056-211/CorpLossRun - 2021-11-18T154413 693 PDF.pdf
    .pdf
  • RM1CA00056-211/CorpLossRun - 2021-12-27T115746 646 PDF.pdf
    .pdf
  • RM1CA00056-211/CorpLossRun - 2021-12-27T115746 646 pdf(1).pdf
    .pdf
  • RM1CA00056-211/CorpLossRun - 2021-12-27T115813 533 PDF.pdf
    .pdf
  • RM1CA00056-211/CorpLossRun - 2021-12-27T115847 118 PDF.pdf
    .pdf
  • RM1CA00056-211/Current Schedule xlsx.xlsx
    .xlsx office2007
  • RM1CA00056-211/Everest Loss Runs pdf(1).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(10).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(2).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(3).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(4).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(5).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(6).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(7).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(8).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf(9).pdf
    .pdf
  • RM1CA00056-211/Everest Loss Runs pdf.pdf
    .pdf
  • RM1CA00056-211/Everest Southland AU WC Loss Runs xlsx.xlsx
    .xlsx office2007
  • RM1CA00056-211/Experian pdf(1).pdf
    .pdf
  • RM1CA00056-211/Experian pdf(2).pdf
    .pdf
  • RM1CA00056-211/Experian pdf(3).pdf
    .pdf
  • RM1CA00056-211/Experian pdf(4).pdf
    .pdf
  • RM1CA00056-211/Experian pdf.pdf
    .pdf
  • RM1CA00056-211/FW 20-22 21-22 AUT 20-21 WC Loss Runs Request on Southland Transit Inc.html
  • RM1CA00056-211/FW 20-22 AUT Loss Runs Request on Southland Transit Inc(1).html
  • RM1CA00056-211/FW 20-22 AUT Loss Runs Request on Southland Transit Inc.html
  • RM1CA00056-211/FW Southland Transit Inc AUTO RM1CA00056-211 Need Auto AI Specific Entity Endorsement.html
  • RM1CA00056-211/Fwd Southland Touch Point in renewal process.html
  • RM1CA00056-211/IMPORTED FROM PDF PRINT DRIVER PDF.pdf
    .pdf
  • RM1CA00056-211/IMPORTED FROM PDF PRINT DRIVER.pdf
    .pdf
  • RM1CA00056-211/Loss Run Request(1).pdf
    .pdf
  • RM1CA00056-211/Loss Run Request(2).pdf
    .pdf
  • RM1CA00056-211/Loss Run Request(3).pdf
    .pdf
  • RM1CA00056-211/Loss Run Request(4).pdf
    .pdf
  • RM1CA00056-211/Loss Run Request(5).pdf
    .pdf
  • RM1CA00056-211/Loss Run Request(6).pdf
    .pdf
  • RM1CA00056-211/Loss Run Request.pdf
    .pdf
  • RM1CA00056-211/Loss Run pdf.pdf
    .pdf
  • RM1CA00056-211/Loss Runs Southland Transit Inc.msg
    .msg .pdf polyglot
  • RM1CA00056-211/Note.html
    .html
  • RM1CA00056-211/Order to bind - Southland Transit - 2 14 21.html
    .html
  • RM1CA00056-211/Page88866939.pdf
    .pdf
  • RM1CA00056-211/Page88866954.pdf
    .pdf
  • RM1CA00056-211/Page90589941.pdf
    .pdf
  • RM1CA00056-211/Page90589942.docx
    .docx office2007
  • RM1CA00056-211/Page90589943.pdf
    .pdf
  • RM1CA00056-211/Page90589944.xlsx
    .xlsx office2007
  • RM1CA00056-211/Page90589945.pdf
    .pdf
  • RM1CA00056-211/Page90589946.docm
    .docm office2007

    ThisDocument

    PWSpellCheck

    PWCode

  • RM1CA00056-211/Page90589947.pdf
    .pdf
  • RM1CA00056-211/Page90589948.pdf
    .pdf
  • RM1CA00056-211/Page90589949.pdf
    .pdf
  • RM1CA00056-211/Page90589950.pdf
    .pdf
  • RM1CA00056-211/Page90589951.pdf
    .pdf
  • RM1CA00056-211/Page90589952.pdf
    .pdf
  • RM1CA00056-211/Page90589953.pdf
    .pdf
  • RM1CA00056-211/Page90589954.pdf
    .pdf
  • RM1CA00056-211/Page90589955.pdf
    .pdf
  • RM1CA00056-211/Page90589956.pdf
    .pdf
  • RM1CA00056-211/Page90589957.pdf
    .pdf
  • RM1CA00056-211/Page90589958.pdf
    .pdf
  • RM1CA00056-211/Page90589959.pdf
    .pdf
  • RM1CA00056-211/Page90589960.pdf
    .pdf
  • RM1CA00056-211/Page90589961.pdf
    .pdf
  • RM1CA00056-211/Page90589962.pdf
    .pdf
  • RM1CA00056-211/Page90589963.pdf
    .pdf
  • RM1CA00056-211/Page90589964.pdf
    .pdf
  • RM1CA00056-211/Page90589965.pdf
    .pdf
  • RM1CA00056-211/Page90589966.pdf
    .pdf
  • RM1CA00056-211/Page90589967.xlsx
    .xlsx office2007
  • RM1CA00056-211/Page90589968.pdf
    .pdf
  • RM1CA00056-211/Page90589969.pdf
    .pdf
  • RM1CA00056-211/Page90589970.xlsx
    .xlsx office2007
  • RM1CA00056-211/Page90589971.pdf
    .pdf
  • RM1CA00056-211/Page90589972.pdf
    .pdf
  • RM1CA00056-211/Page90589973.pdf
    .pdf
  • RM1CA00056-211/Page90589974.pdf
    .pdf
  • RM1CA00056-211/Page90589975.pdf
    .pdf
  • RM1CA00056-211/Page90589976.pdf
    .pdf
  • RM1CA00056-211/Page90589977.pdf
    .pdf
  • RM1CA00056-211/Page90589978.pdf
    .pdf
  • RM1CA00056-211/Page90589979.pdf
    .pdf
  • RM1CA00056-211/Page90589980.pdf
    .pdf
  • RM1CA00056-211/Page90589981.pdf
    .pdf
  • RM1CA00056-211/Page90589982.pdf
    .pdf
  • RM1CA00056-211/Page90589983.pdf
    .pdf
  • RM1CA00056-211/Page90589984.pdf
    .pdf
  • RM1CA00056-211/Page90589985.pdf
    .pdf
  • RM1CA00056-211/Page90589986.pdf
    .pdf
  • RM1CA00056-211/Page90589987.pdf
    .pdf
  • RM1CA00056-211/Page90589988.pdf
    .pdf
  • RM1CA00056-211/Page90589989.pdf
    .pdf
  • RM1CA00056-211/Page94517677.pdf
    .pdf
  • RM1CA00056-211/RE Southland 21-22 Monthly reporting.html
  • RM1CA00056-211/RM1CA00055-211 - Policy (Agent Copy) pdf.pdf
    .pdf .ps1 polyglot
  • RM1CA00056-211/RM1CA00055-211 - Policy (Insured Copy) pdf.pdf
    .pdf
  • RM1CA00056-211/RM1CA00055-211 PDF.pdf
    .pdf
  • RM1CA00056-211/RM1CA00056-211 - Installment Schedule PDF.pdf
    .pdf
  • RM1CA00056-211/RM1CA00056-211 - Moreno Valley ECA 04 521 pdf.pdf
    .pdf
  • RM1CA00056-211/RM1CA00056-211 - Policy (Agent Copy) pdf.pdf
    .pdf .ps1 polyglot
  • RM1CA00056-211/RM1CA00056-211 - Policy (Insured Copy) pdf.pdf
    .pdf
  • RM1CA00056-211/RM1CA00056-211 - Policy Preview pdf.pdf
    .pdf .ps1 polyglot
  • RM1CA00056-211/RM1CA00056-211 PDF.pdf
    .pdf
  • RM1CA00056-211/RM1CA00056-211.pdf
    .pdf
  • RM1CA00056-211/RM1WC00066-211 - Policy (Agent Copy) pdf.pdf
    .pdf .ps1 polyglot
  • RM1CA00056-211/RM1WC00066-211 - Policy (Insured Copy) pdf.pdf
    .pdf
  • RM1CA00056-211/Rate Sheet pdf(1).pdf
    .pdf
  • RM1CA00056-211/Rate Sheet pdf(2).pdf
    .pdf
  • RM1CA00056-211/Rate Sheet pdf.pdf
    .pdf
  • RM1CA00056-211/Rating for Southland Transit xlsm.xlsm
    .xlsm office2007

    Module1

    ThisWorkbook

    Sheet2

    Sheet3

    Sheet4

    Sheet9

    Sheet8

    Sheet1

    Sheet5

    Sheet6

    Sheet7

    Module2

    Sheet10

    Sheet11

    Sheet12

  • RM1CA00056-211/Request for renewal quote - Southland Transit et al 2 14 21(1).html
    .html
  • RM1CA00056-211/Request for renewal quote - Southland Transit et al 2 14 21.html
    .html
  • RM1CA00056-211/Southland 2021 $2m Bus Only AL Binder pdf.pdf
    .pdf
  • RM1CA00056-211/Southland 2021 Binder pdf.pdf
    .pdf
  • RM1CA00056-211/Southland Directory docx.docx
    .docx office2007
  • RM1CA00056-211/Southland Transit Inc - 57436 pdf.pdf
    .pdf
  • RM1CA00056-211/Southland Transit Inc AUTO RM1CA00056-211 Need Auto AI Specific Entity Endorsement.html
    .html
  • RM1CA00056-211/Southland Transit - Busses Only $2M CSL Policy.html
    .html
  • RM1CA00056-211/Southland Transit - Commercial Auto Policies.html
    .html
  • RM1CA00056-211/Southland Transit Inc RM1CA00056-211.msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Inc Loss Runs Request.msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Inc - RM1CA00056-211 - Premium Adjustment Notice pdf.pdf
    .pdf
  • RM1CA00056-211/Southland Transit Inc.html
    .html
  • RM1CA00056-211/Southland Transit Loss Run(1).msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Loss Run(2).msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Loss Run(3).msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Loss Run(4).msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Loss Run(5).msg
    .msg
  • RM1CA00056-211/Southland Transit Loss Run(6).msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Loss Run.msg
    .msg .pdf polyglot
  • RM1CA00056-211/Southland Transit Summary & Next Steps (Auto).html
  • RM1CA00056-211/Southland Transits Risk Management Summary xlsx.xlsx
    .xlsx office2007
  • RM1CA00056-211/TL1CA00003-201 PDF.pdf
    .pdf
  • RM1CA00056-211/Vehicle list for submission with type for Tyler xlsx.xlsx
    .xlsx office2007
  • RM1CA00056-211/image001 png(1).png
    .png
  • RM1CA00056-211/image001 png(2).png
    .png
  • RM1CA00056-211/image001 png(3).png
    .png
  • RM1CA00056-211/image001 png(4).png
    .png
  • RM1CA00056-211/image001 png.png
    .png
  • RM1CA00056-211/image002 jpg.jpg
    .jpg
  • RM1CA00056-211/image002 png(1).png
    .png
  • RM1CA00056-211/image002 png.png
    .png
  • RM1CA00056-211/image003 png.png
    .png
  • RM1CA00056-211/image004 png.png
    .png
  • RM1CA00056-211/image011 png.png
    .png
  • RM1CA00056-211/southland transit.pdf
    .pdf
  • RM1CA00056-211/stamped Southland Transit GL Policy - 2020-21 - REWRITE PDF.pdf
    .pdf