Overview

overview

4

Static

static

4

Constancia...JL.pdf

windows7-x64

1

Constancia...JL.pdf

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Constancia Situación Fiscal 04 2024 JL.pdf.7z

  • Size

    141KB

  • MD5

    fbedeb7fd8deac687b50a29b33c13e30

  • SHA1

    eba0584b6d372fd9f7046c3eb96bd5494fe742ed

  • SHA256

    00c6dc874182e3d5e87be957e2a6f8aaa50f13bdeec116f18aa4b83fc2f7b70b

  • SHA512

    a705215d432d85e8273f528eb8dd8753b56fc9848ec85a4b28f2470e283489d3fcbaa71b9dfc16f33047c1f3c63b78d306216eebace7d6dfaf844497c18dea11

  • SSDEEP

    3072:aLd41MG48Dij8PjOzXPmfLxVtuajIqoVip19jJGj:xqGRDiwjGfmtfjclVip19jgj

Score
4/10
pdflinkqr

Malware Config

Signatures

  • PDF has QR code that contains a HTTP URL

    PDFs with URL QR codes are often used for phishing

    pdfqr
  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

    pdflink

Files

  • Constancia Situación Fiscal 04 2024 JL.pdf.7z
    .7z

    Password: infected

  • Constancia Situación Fiscal 04 2024 JL.pdf
    .pdf

    Password: infected

    • http://sat.gob.mx

    • http://vilowww.gob.mx/sfp

    • http://www.sat.gob.mx

    • https://siat.sat.gob.mx/app/qr/faces/pages/mobile/validadorqr.jsf?D1=0&D2=1&D3=%7C%7C2024%2F04%2F09%7CLOIE490120JN6%7CCONSTANCIA+DE+SITUACI%D3N+FISCAL%7C200001088888800000031%7C%7C_MBr2ypfNxtREESsX%2F4djWvZ0%2B%2FMoxdqPr%2FOR7RiFZN%2FKLrExejvZj2vTb%2BJSQ%2Fo7eZSBq8QjUA5eLAU0b8K%2B4OeWElpQ5bJdMCLjoOqkK6PYZO0WjywhtlisJ%2BJ%2BSx8NQHH2Ed0H2pUpqlDBABotp4f6NllhQgTY6%2FRqrt9z9JY%3D

    • https://siat.sat.gob.mx/app/qr/faces/pages/mobile/validadorqr.jsf?D1=10&D2=1&D3=16020240165_LOIE490120JN6