General
-
Target
(No subject) (3).eml
-
Size
230KB
-
MD5
25271c517d85687b480fe3c0f85b30e7
-
SHA1
634757c064f9cbc37e57b9a90ab5602fb68b3878
-
SHA256
1f9845f2e52641bdcbf9a253b2df906ff8b1cce3b851e66a0bbfc64cd24d5e80
-
SHA512
ab420fcc4c908a837a4b334f9c0e2a7bd1d06cfac7f39b28929a0ab796194e50f4514b2d3d7451feb836a41721ae2fa0b34895944d04a944c15df996c3fa7a51
-
SSDEEP
3072:Jcc5aI2omNRcWrqVzKdVWhzEh/XaW0ZQwvpVoknfn7Sgn6dNmYcg9uOtIh4MZmO9:Jcc5j41uUyO7GQwvvfn7SbuOgma
Malware Config
Signatures
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
(No subject) (3).eml
Password: A320
-
https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=
-
https://cas5-0-urlprotect.trendmicro.com:443/wis/clicktime/v1/query?url=https%3a%2f%2faka.ms%2fLearnAboutSenderIdentification&umid=084b07d8-4628-4005-a821-19b96501b4c4&auth=fbd9a64a18500230246a4ccb62856c7dc383f35f-ad7418263f00af1df2a1894a87a523ad2dacbcbc
-
http://admin.sigmamovil.com/click?e238898/HYWlvNjY5MCxhaW82NjkwLGh0dHBzOi8vYWlvMi5zaWdtYW1vdmlsLmNvbS9hcGkvdHJhY2tfbWFpbHMvY2xpY2s/qP2VtYWlsPW1ydXRoJTQwbWVyY2FtaW8uY29tJmlkQ29udGFjdD02NTFlY2RlNjg2OTkyMWI0ZmEwZWFjZGMmaWRNYWlsPTY2OTAmdXJsPW1haWx0byUzQXNpZXNhZmVyZWNlcGNpb24lNDBzaWVzYWZlLmNv/s6m7939d5f6
-
-
COMUNICADO ACTUALIZACION DE CORREO.pdf
Password: A320
-
http://admin.sigmamovil.com/click?e238898/HYWlvNjY5MCxhaW82NjkwLGh0dHBzOi8vYWlvMi5zaWdtYW1vdmlsLmNvbS9hcGkvdHJhY2tfbWFpbHMvY2xpY2s/qP2VtYWlsPW1ydXRoJTQwbWVyY2FtaW8uY29tJmlkQ29udGFjdD02NTFlY2RlNjg2OTkyMWI0ZmEwZWFjZGMmaWRNYWlsPTY2OTAmdXJsPW1haWx0byUzQXNpZXNhZmVyZWNlcGNpb24lNDBzaWVzYWZlLmNv/s6m7939d5f6
-
-
COMUNICADO RESOLUCION 0085 MERCAMIO.pdf
Password: A320
-
http://siesa.com
-
-
email-html-2.txt
-
email-plain-1.txt