Overview

overview

10

Static

static

3

AA.pdf

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    AA.pdf

  • Size

    4.5MB

  • Sample

    220103-t912tsbec4

  • MD5

    5e9ea0ef94094036b41484a131298cfb

  • SHA1

    32c20082ec69e71a13cc46c0264c9e89f6f87e66

  • SHA256

    e2e4f534b9d4f20e1f3624d1af45a7c0124b185667753775e810ea1752894ed8

  • SHA512

    4dbbe82e258dc302fbda7c11acfefa3455916ad6d76ff4f6626ecc260c8e44e038df9ec62d2b6994392e514f4ebc57061d10f30c97274a34515fdbf94e412717

Score
10/10
linkpdfpersistence

Malware Config

Targets

    • Target

      AA.pdf

    • Size

      4.5MB

    • MD5

      5e9ea0ef94094036b41484a131298cfb

    • SHA1

      32c20082ec69e71a13cc46c0264c9e89f6f87e66

    • SHA256

      e2e4f534b9d4f20e1f3624d1af45a7c0124b185667753775e810ea1752894ed8

    • SHA512

      4dbbe82e258dc302fbda7c11acfefa3455916ad6d76ff4f6626ecc260c8e44e038df9ec62d2b6994392e514f4ebc57061d10f30c97274a34515fdbf94e412717

    Score
    10/10
    persistence

    • Modifies system executable filetype association

      persistence

    • Registers COM server for autorun

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence
    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Change Default File Association

1
T1042

Registry Run Keys / Startup Folder

2
T1060

Privilege Escalation

Defense Evasion

Modify Registry

3
T1112

Credential Access

Discovery

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks