General
-
Target
b3eadb489a9b3f1ab1eaa19fe7dbe132afbcb6588a99e954f33a4a95c1be3d40
-
Size
3.2MB
-
MD5
0c8a10b43ee1a00329223598f7393ff2
-
SHA1
283ef2a1f2e1c461dc0db34c10e99c4d541d1d49
-
SHA256
b3eadb489a9b3f1ab1eaa19fe7dbe132afbcb6588a99e954f33a4a95c1be3d40
-
SHA512
605c739f592c8fcd79188f1cc9a3ae61c4148c2465ee593cc59a360d076614d58fdc2b232cfbaf557ba8f0d2160b98db65d718adc4974dc559a8e3a94042db3b
-
SSDEEP
49152:aNWOxkR7TJXJQBZoS/qwfLJQDVFjjlmeNDubZAZ4RM46PxGcxnj+u127g8o:/OxGZJI/qqSD5meUAd1swiaSg8o
Malware Config
Signatures
-
One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
Files
-
b3eadb489a9b3f1ab1eaa19fe7dbe132afbcb6588a99e954f33a4a95c1be3d40
-
https://ignitetechnologies.in/
-
https://docs.microsoft.com/en-gb/windows/win32/com/the-component-object-model?redirectedfrom=MSDN
-
https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-dcom/4a893f3d-bd29-48cd-9f43-d9777a4415b0?redirectedfrom=MSDN
-
https://docs.microsoft.com/en-us/windows/win32/sysinfo/structure-of-the-registry
-
https://docs.microsoft.com/en-us/windows/win32/com/clsid-key-hklm
-
https://github.com/nccgroup/acCOMplice
-
https://github.com/enigma0x3/Misc-PowerShell-Stuff/blob/master/Get-ScheduledTaskComHandler.ps1
-
https://bohops.com/2018/06/28/abusing-com-registry-structure-clsid-localserver32-inprocserver32/
-
https://www.gdatasoftware.com/blog/2014/10/23941-com-object-hijacking-the-discreet-way-of-persistence
- Show all
-