Overview

overview

5

Static

static

4

Translink�...n..eml

windows7-x64

5

Translink�...n..eml

windows10-2004-x64

3

TransLink ...cs.pdf

windows7-x64

1

TransLink ...cs.pdf

windows10-2004-x64

1

email-html-2.html

windows7-x64

1

email-html-2.html

windows10-2004-x64

1

email-plain-1.txt

windows7-x64

1

email-plain-1.txt

windows10-2004-x64

1

Sharing

Copy URL Twitter E-mail

General

  • Target

    Translink® Confidential Files#637135(Revised) for Caitlin..eml

  • Size

    116KB

  • MD5

    4c54d0d9076dcb18657b656234939a61

  • SHA1

    d13ba71f49c889f2dab5ef932bdb730fb87ac28e

  • SHA256

    33a24d513f10d0abf80c6784d409f6b4dd7ab34f51bac2a0fd8d920d2132a5d6

  • SHA512

    dee443bd712359122f357b9665ff99d51c3ace0505c7b45293d39bea617fadf8616ddc18a106de7ec165b15c646e301707d2bd49510f21fcd2d20ce4020ebc66

  • SSDEEP

    3072:BRnVG3U9uT5VvICqhJIeIORDcDnygFD7q:DVuTvIjJIe/RunDFD7q

Score
4/10
pdflinkqr

Malware Config

Signatures

  • PDF has QR code that contains a HTTP URL

    PDFs with URL QR codes are often used for phishing

    pdfqr
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • Translink® Confidential Files#637135(Revised) for Caitlin..eml
    .eml

    Password: infected

  • TransLink BC Disclosures and Signatures Consent Docs.pdf
    .pdf

    Password: infected

    • https://lakelandspartans.sa.com/oC2hQyd3UM/.d7g/VrOn4THx2a/Y2FpdGxpbi5jb29wZXJAdHJhbnNsaW5rLmNh

  • email-html-2.txt
    .html
  • email-plain-1.txt