General

  • Target

    33c07a8ec3318bff897576dbd54a9a67.zip

  • Size

    638KB

  • MD5

    f7d27fa47b4305110921cb42fa05d2fe

  • SHA1

    d61916eea5e3c6ef555c25b1c61b350e445bf3dd

  • SHA256

    22ba908264b5f4bac332f56c0e8ed62a9a66cbb63fdc04f4f2db1b4f93e36ba9

  • SHA512

    11cd84b09222f95ce83d060ca4f3d84b5ab43c9e6d0cd62c72b1244363144da2cd26ed88c55a33f47492b52f491df80a4f424678b478d7368770fc0cf04792de

  • SSDEEP

    12288:rKrG580X9lg3Fq7kC09UxPAC2i42wjNPahdrPrR0WsO56sLAQz:2rG5zX9WFqNJPI/2wj8hdj907OgsLAQz

Score
4/10

Malware Config

Signatures

  • HTTP links in PDF interactive object (1 IoC)

    Detects HTTP links in interactive objects within PDF files.

  • PDF has QR code that contains a HTTP URL

    PDFs with URL QR codes are often used for phishing.

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • 33c07a8ec3318bff897576dbd54a9a67.zip
    .zip

    Password: infected

  • 33c07a8ec3318bff897576dbd54a9a67
    .eml

  • =?windows-1251?B?0ODx7+jx4O3o5SBvbmxpbmUt7uHz9+Xt6P9f7ODpLnBkZg==?=
    .pdf
  • email-html-2.txt
    .html
  • email-plain-1.txt
  • image003.png
    .png
  • image004.png
    .png
  • image005.png
    .png
  • image006.jpg
    .jpg
  • image007.jpg
    .jpg
  • image008.png
    .png
  • image009.png
    .png
  • oledata.mso