home

sstldom1-635814616498300496.rdp

MD5:
2cfab499676acdef52a8d5447d330d6a

SHA-1:
d5b40944341e36a2b335e353974c59076de0d1fa

SHA-256:
ef5838ccffef9ab5800a83f87287c91a46138c7e9eb9b2e3083f4cf0dd4964c7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/5/2024 3:35:14 PM UTC  (today)

File size:
1.1 KB (1,094 bytes)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\sstldom1-635814616498300496.rdp

The file sstldom1-635814616498300496.rdp has been seen being distributed by the following URL.

https://passwordsafe.mountsinai.org/eEye.RetinaCS.Server/api/.../StartRemoteSessionAdmin?protocol=rdp&ipaddress=10.61.21.25&username=3ff0d6bf76ef47305d746620ae298ce90a9b8930ff73ea141040456cfa3174eb245194eeac2f5e2711a6566dea95f1a2b83a98fc34ddc7f229240f89d477c4755903658dcb83baa6c14d11449d962921be2318dd8c8f6152bfd253afb7a1e25af0f1045d4834503754e3186681f9d6015e27ec15df9ed4538877cc476dfd8e262da469473a9333954883d227dcdea02a3430bd356dfacd9f7052f1cbe34054ef824ed62d5d19fa1d36b46c9632a6e0e860effb19e32ce5714b7a87c5726c359553955bae0cf724f2241f3edf0422bca93c8010be9c5290dffed28acdce27593ac53da6997b68bb53edad959f8f13a21cffe8eccdface0efbd14f2e78df7bbeaf&password=2e759a0610e7d881447f0312764feecde3ba6493573b92d32b1d0d505d1dc9d189e81fa223760d6ef6d27d2c60f2b9d8a973794e5e508e189831a662dbb4461b1ef9afe641d3385a8998fd7d31bd084dde162d88f274426530792936a7834882787eb11c0135da9294f087492d6aedfdfbc06f09b814a6bc652e3f3b4b847fba522ad8743121ccb2f56f146e080cdabc912ff422ede7f457990af412558f7ade4754b4dd8e24369a119db05ef

Scan sstldom1-635814616498300496.rdp - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.