Overview

overview

8

Static

static

order pdf.exe

windows7_x64

8

order pdf.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    order pdf.exe

  • Size

    649KB

  • Sample

    200708-dh17h986pa

  • MD5

    f536c98ef869e3a9d1d6776edbee76b1

  • SHA1

    0876c67101f3f146e293199971596a5b47123a4c

  • SHA256

    7f261df83598926b168c3515bde5a345dba7828d5bcbdedff5fc55cd16ec23a8

  • SHA512

    b26ab3b4c4d0117cca7e38f0e4b0d3f530888b776cf7b6f0e2fabb48af632ca678a509211e8797c928429071abf1b7667f2174a2aaacdf71bdd2a755650b11ae

Score
8/10
evasionpersistencespywaretrojan

Malware Config

Targets

    • Target

      order pdf.exe

    • Size

      649KB

    • MD5

      f536c98ef869e3a9d1d6776edbee76b1

    • SHA1

      0876c67101f3f146e293199971596a5b47123a4c

    • SHA256

      7f261df83598926b168c3515bde5a345dba7828d5bcbdedff5fc55cd16ec23a8

    • SHA512

      b26ab3b4c4d0117cca7e38f0e4b0d3f530888b776cf7b6f0e2fabb48af632ca678a509211e8797c928429071abf1b7667f2174a2aaacdf71bdd2a755650b11ae

    Score
    8/10
    persistencespywareevasiontrojan

    • Adds Run entry to policy start application

      persistence

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spyware

    • Adds Run entry to start application

      persistence

    • Checks whether UAC is enabled

      evasiontrojan

    • Legitimate hosting services abused for malware hosting/C2

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Credentials in Files

1
T1081

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Data from Local System

1
T1005

Exfiltration

Command and Control

Web Service

1
T1102

Impact

Tasks