General

  • Target

    18579957989.zip

  • Size

    631KB

  • MD5

    9f0b0cce68fc85f9e5eb71947aea76ca

  • SHA1

    78ccbcefcb6b2c4643fd82a4256243c055073328

  • SHA256

    ea54e494a715e301ff8ccd9b49d6c5ee9128439a707499756cd84d65577bfd0c

  • SHA512

    a7ec6af658d76c24a5c71aefc1e5c4d8f4d711963939f4558f4d287e69e8fcd9d234f5f420f3c4a88d65d59b655ecd236e852e5c9c06dcdcb5314caec09fc8ec

  • SSDEEP

    12288:k4c4ewSagxwBnTq6SwcN2Ho/nT0fmJPtQbOOm+eZ0Til55ZMtiCRB:k4neJoJbSwjI/nT0fmJyKqTAg

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

  • Unsigned PE (1 IoC)

    Checks for missing Authenticode signature.

Files

  • 18579957989.zip
    .zip

    Password: infected

  • f11e0cd1f8fcf1d24efe1067799e02536ca443521160bb28d8fcb12ec606bc15
    .iso

    Password: infected

  • out.iso
    .iso

    Password: infected

  • DANFE01010109919585.pdf.lnk
    .lnk
  • DANFE01010109919585/DANFE01010109919585.exe
    .exe windows:4 windows x86 arch:x86

    Password: infected

    f34d5f2d4577ed6d9ceec516c1f5a744



  • DANFE01010109919585/DANFE01010109919585.pdf
    .pdf

    Password: infected

    • http://NF-ewww.nfe.fazenda.gov.br/portalPROTOCOLO

  • DANFE01010109919585/DANFE01010109919585.xml
    .js .xml
  • DANFE01010109919585/DANFE01010109919585.zip
    .zip

    Password: infected

  • DANFE01010109919585.dll
    .dll windows:4 windows x86 arch:x86

    Password: infected

    dae02f32a21e03ce65412f6e56942daa



  • DANFE01010109919585.exe.config
    .xml