Overview

overview

10

Static

static

4

HowToBeatP...ci.pdf

windows7-x64

3

HowToBeatP...ci.pdf

windows10-2004-x64

3

NEW PAYPAL...14.pdf

windows7-x64

3

NEW PAYPAL...14.pdf

windows10-2004-x64

3

PolishPaypal.pdf

windows7-x64

3

PolishPaypal.pdf

windows10-2004-x64

3

Profiting ...i.html

windows7-x64

3

Profiting ...i.html

windows10-2004-x64

3

ScrewPaypal.pdf

windows7-x64

3

ScrewPaypal.pdf

windows10-2004-x64

3

StealthPaypal.pdf

windows7-x64

3

StealthPaypal.pdf

windows10-2004-x64

3

The Ultima...de.pdf

windows7-x64

3

The Ultima...de.pdf

windows10-2004-x64

3

Unlimited ...ut.pdf

windows7-x64

3

Unlimited ...ut.pdf

windows10-2004-x64

3

Yasuo.Payp....5.lnk

windows7-x64

10

Yasuo.Payp....5.lnk

windows10-2004-x64

10

files/Yasu....5.exe

windows7-x64

10

files/Yasu....5.exe

windows10-2004-x64

10

paypal stealth.pdf

windows7-x64

3

paypal stealth.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    118s
  • max time network
    127s
  • platform
    windows7_x64
  • resource
    win7-20240903-en
  • resource tags

    arch:x64arch:x86image:win7-20240903-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 23:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    StealthPaypal.pdf

  • Size

    42KB

  • MD5

    092078d0a61b990d7aadb2371e89bb11

  • SHA1

    111d35a7df2f1bc11fa3f9a96f732651a6a795af

  • SHA256

    7f9d7cd4ab9fa79b9f7eb9a0eca83e3d781fd2f5f3ebeee1e9e512cd34516f3a

  • SHA512

    e1d0d453a48397f1763f833ebf2ded481daec1a247eb3e4afc8b83efef16e537edc44f586b62e292f213f8f9c8c11516dcfee324e1c5ed24e032595da649f756

  • SSDEEP

    768:KPLQDLTsav4O6Jd4irWtuZbMLCpMfEnOZz2BhGS0k3HN1ZRZdZwxlCFJ9:KzQDLww2BWMZ41s/huUHDZRZ1r

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\StealthPaypal.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:1052

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    8b5eafb2a2dc64ee7aff817c9560fffc

    SHA1

    881973acd2249ce1ecb73ec51a8f146a2cd7acfa

    SHA256

    9ee6e28da3dd95ee14d5b93c1496a5384322a23a0fe6a5e9fc345dae1dd039bf

    SHA512

    68e57e2658a5564097973788c881acdf9ae03baa922745ddde738410c7f08c063f90145b4bbdaba0c8e788338eff5e32bbd17f8bc4124dc797a51037c24f96fd

    Download Submit