General

  • Target

    Understanding_a_Payloads_Life.pdf

  • Size

    4.7MB

  • MD5

    1481b92ff2af8677db95aca6eca50c9d

  • SHA1

    f749e486475da80ca3bc268030712ffc23e9601a

  • SHA256

    21271ef39311c668b64d0071c7f20a5e31feae6acbe017c9cb9ad4d0dce56393

  • SHA512

    5b4730389c22e414ced67e61b305575ffbe44b172705c9af07ef66e65200cbc641b8acb1a543e8adf62d94b025fa0c53e7398f34df7808aebfdf74440959c1e0

  • SSDEEP

    98304:J+Tzy/qGjKVtrrTtA/d1rSE2flr548dnXdpVJTI8GO475BGIWU96:J+TOyGOnrtIIs8t3jTIi47T96

Score
3/10

Malware Config

Signatures

  • One or more HTTP URLs in PDF identified

    Detects presence of HTTP links in PDF files.

Files

  • Understanding_a_Payloads_Life.pdf
    .pdf
    • http://attl4s.github.io

    • http://www.hick.org/code/skape/papers/meterpreter.pdf

    • https://github.com/rapid7/metasploit-payloads

    • https://github.com/rapid7/metasploit-framework/discussions/14490

    • https://github.com/stephenfewer/ReflectiveDLLInjection

    • http://github.com/rapid7/ReflectiveDLLInjection

    • http://www.cobaltstrike.com/blog/cobalt-strike-4-4-the-one-with-the-reconnect-button/

    • http://bruteratel.com/research/feature-update/2021/06/01/PE-Reflection-Long-Live-The-King/

    • http://www.mdsec.co.uk/2021/12/nighthawk-0-1-new-beginnings/
