Behavioral task: behavioral1
- Sample: 718314e03bb2ab6d1c4445a147fb0ac9ffdd497623cf0586ee648bc8b876389e.pdf
- Resource: win7-20220414-en

Behavioral task: behavioral2
- Sample: 718314e03bb2ab6d1c4445a147fb0ac9ffdd497623cf0586ee648bc8b876389e.pdf
- Resource: win10v2004-20220414-en
General
- Target: 718314e03bb2ab6d1c4445a147fb0ac9ffdd497623cf0586ee648bc8b876389e
- Size: 36.8MB
- MD5: ba326a1c4c3cecffae3ad3535b7bc161
- SHA1: f339f7536bd0cadb7fb88a2d3ed31de9e7103273
- SHA256: 718314e03bb2ab6d1c4445a147fb0ac9ffdd497623cf0586ee648bc8b876389e
- SHA512: cb516cda2da547ed2ff3d78691ce84b05db622c17b0012cbc209d501397e86a1f047a55b6187fdcd8e7ca4d7263f85ad2f677395019161fafa445df35caf7f4b
- SSDEEP: 786432:7JXBpNqrEkRMCydBmwReH0j+YUHPc4G9pnPCEZ:FXBpNqrEkiCydIwRRKnHPo99CEZ
Malware Config
Signatures
Files
- 718314e03bb2ab6d1c4445a147fb0ac9ffdd497623cf0586ee648bc8b876389e.pdf