General
-
Target
FW ReminderFile_Transfer_5308July 10 2024.eml
-
Size
176KB
-
MD5
fb20bc343dce2bf8ee49fdb5504094e0
-
SHA1
891dfca133dba092edefb8e5aaa810e1630aba07
-
SHA256
6cd31e96032db727b84574495fc6165ebf4afac585890a02abc5921716fe7d52
-
SHA512
a102489afb06fb35def39a2647c3cda1c110ba958497fe5f5d9370e190b9b99ae2d4651e0d796be505e27a1b9510c81ef45e4a2de766bec373c43d99143163dd
-
SSDEEP
3072:3MxzodWBSnkFwHpUkiGU4uDI/tM9HasJJFkToV1SxrNrYu:8xzodW0nYwHpU5B4sI/tfiJC9rNrZ
Malware Config
Signatures
-
HTTP links in PDF interactive object 1 IoCs
Detects HTTP links in interactive objects within PDF files.
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
FW ReminderFile_Transfer_5308July 10 2024.eml
-
http://www.crownagentsbank.com/
-
https://ttech.com.jm/ttech/wp-content/uploads/email_signatures/TechCon_2024_Email_Signature_May_2024.png]
-
-
PaymntCompleted_88098513.pdf.pdf
-
http://docusign.com
-
https://d%61rkr%65m%61%69ns%2ecom/404%2ephp?7-797967704b536932307463767955684e79732f504c7338767969306f7973394b545337524b3034713173394e43596e4d4277413d-bGVzbGV5LWFubmUud2lsc29uQHR0ZWNoLmNvbS5qbQ==
-
-
email-html-2.txt
-
email-plain-1.txt
-
image001.png
-
image002.png