General

  • Target: PDF-XChangePlus10.3.0.386.0x64.7z
  • Size: 341.0MB
  • Sample: 240606-tgm99sgc5s
  • MD5: 030957a6eae9a5aff47efdac0944f3af
  • SHA1: 29b6cae48e4ab69b7bc628171256c918deab35c0
  • SHA256: 26c552aa9b4cc0eaed53c88ec4c3151d62e3158601337a804a60ce887002876e
  • SHA512: 48a86036e7bb870d365ee359c7258dbaf99958d9750ee6fb0d933dfe4b46be4466987f62f0fd7e9161133efc6514cd8c0bb645274263df044dc1068877182eae
  • SSDEEP: 6291456:mN5rJBok8mdQ1Km+TpAJQmIPriaND2KFSFp8qpNqdh+DkpW5PgIPfdxTeu:A5dQMm+TpAJQmIDh2USlpoopRfLZ

Targets

    • Target: PDF-XChangePlus10.3.0.386.0x64.exe
    • Size: 344.4MB
    • MD5: bd8e20b88b5df803115cef9d3c6424e8
    • SHA1: 5695086b75762b717c20b59f8ce1fceefe689057
    • SHA256: 7ece4f763622f63f065e9e326c5d9c950a8c93bdb8029e18247beb5b5b523000
    • SHA512: 3f94554ae9cfbc4db18f29464e9c0b8f2366a0aed91001f843070794ebafe76cf74b92d91adf1d57cb13f0e870e3a933b198a8ad83accd99f809b9e37aeacf76
    • SSDEEP: 6291456:Azh9qel48v1vdZpeUNX1TicFTQjCiSA08Nw9I9XX4rIPaZ2aQuGdxz2xY+:Izv1VZptNX1TicFcjT0ewq944b/xiN

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

    • Checks whether UAC is enabled

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Drops file in System32 directory
