Overview

overview

10

Static

static

4

HowToBeatP...ci.pdf

windows7-x64

3

HowToBeatP...ci.pdf

windows10-2004-x64

3

NEW PAYPAL...14.pdf

windows7-x64

3

NEW PAYPAL...14.pdf

windows10-2004-x64

3

PolishPaypal.pdf

windows7-x64

3

PolishPaypal.pdf

windows10-2004-x64

3

Profiting ...i.html

windows7-x64

3

Profiting ...i.html

windows10-2004-x64

3

ScrewPaypal.pdf

windows7-x64

3

ScrewPaypal.pdf

windows10-2004-x64

3

StealthPaypal.pdf

windows7-x64

3

StealthPaypal.pdf

windows10-2004-x64

3

The Ultima...de.pdf

windows7-x64

3

The Ultima...de.pdf

windows10-2004-x64

3

Unlimited ...ut.pdf

windows7-x64

3

Unlimited ...ut.pdf

windows10-2004-x64

3

Yasuo.Payp....5.lnk

windows7-x64

10

Yasuo.Payp....5.lnk

windows10-2004-x64

10

files/Yasu....5.exe

windows7-x64

10

files/Yasu....5.exe

windows10-2004-x64

10

paypal stealth.pdf

windows7-x64

3

paypal stealth.pdf

windows10-2004-x64

3

Analysis

  • max time kernel
    94s
  • max time network
    17s
  • platform
    windows7_x64
  • resource
    win7-20240729-en
  • resource tags

    arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
  • submitted
    23-11-2024 23:14

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    StealthPaypal.pdf

  • Size

    42KB

  • MD5

    092078d0a61b990d7aadb2371e89bb11

  • SHA1

    111d35a7df2f1bc11fa3f9a96f732651a6a795af

  • SHA256

    7f9d7cd4ab9fa79b9f7eb9a0eca83e3d781fd2f5f3ebeee1e9e512cd34516f3a

  • SHA512

    e1d0d453a48397f1763f833ebf2ded481daec1a247eb3e4afc8b83efef16e537edc44f586b62e292f213f8f9c8c11516dcfee324e1c5ed24e032595da649f756

  • SSDEEP

    768:KPLQDLTsav4O6Jd4irWtuZbMLCpMfEnOZz2BhGS0k3HN1ZRZdZwxlCFJ9:KzQDLww2BWMZ41s/huUHDZRZ1r

Score
3/10
discovery

Malware Config

Signatures

  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious use of SetWindowsHookEx 3 IoCs

Processes

  • C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
    "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\StealthPaypal.pdf"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: GetForegroundWindowSpam
    • Suspicious use of SetWindowsHookEx
    PID:2268

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents
    Filesize

    3KB

    MD5

    b6008a36fc5b8950f95484650bd56714

    SHA1

    61a06fce1295d91d6d05ff102fa482c2684fcb0a

    SHA256

    95f0d44a56fe90dd4d939276d7f518d0c0289d70220ab41212d7a196f6074307

    SHA512

    b25c142514e9f2db0b01468659ccb6c065e79945519a74c2342ce377af1299756308b04256687b47e8e56a9bb65ed6aa34b840eb5b1848a0e0ad94e0afb78c70

    Download Submit