Managed XDR

j.maluleke.eml — malware analysis report

File info

Filename
j.maluleke.eml
File type
SMTP mail, ASCII text, with very long lines, with CRLF line terminators
File size
935.9 KB
First seen
Last seen

Environment

win7/x86 en

Hashes

SHA1
fe9a8a2d5b017cdca910f2f5684df8c6eae03180
SHA256
04bab1981f6b72738ac1e970dfcd3d8d1ffa84367b7e5c1d2e228ec6bb8d1530
MD5
93b74aac39f1818c823f369df0b7f971

Signatures

Privilege Escalation

T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Defense Evasion

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity
T1134 opens_thread_token: Opens the access token associated with a thread
T1134 opens_process_token: Opens the access token associated with a process

Discovery

T1497.002 async_mouse: Watches for mouse clicks using GetAsyncKeyState to detect human activity

Other

yara_rules: Static rules
suspicious_pdf_link: PDF file with suspicious hyperlink or content
suspicious_pdf: PDF file with suspicious content
pdf_compressed_stream: Contains an object with compressed stream
get_policy_info: Retrieves information about a Policy object
pdf_page: Contains only one page
office_links: Office file contains external links