Overview

overview

8

Static

static

Pdf.exe

windows7_x64

8

Pdf.exe

windows10_x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Pdf.exe

  • Size

    1.3MB

  • Sample

    200624-k51j3t4c3j

  • MD5

    54ed627847f3f9b113c1651e52433637

  • SHA1

    27a89f3e6a0f6e472f144c8bb52948245171c6f9

  • SHA256

    df70b7f1c190951daadb981dddb42d7e7ace1d6cba158dbfa983035398ef61aa

  • SHA512

    3706fe463b2daa1ac11eaa6d76e221ff3e8ff5cfc3a2cc823b8036133d7329df1dc46b48245d3211c48ee37a2d486eb4ab32eb533e2a1334b824dc269bec331b

Score
8/10
persistence

Malware Config

Targets

    • Target

      Pdf.exe

    • Size

      1.3MB

    • MD5

      54ed627847f3f9b113c1651e52433637

    • SHA1

      27a89f3e6a0f6e472f144c8bb52948245171c6f9

    • SHA256

      df70b7f1c190951daadb981dddb42d7e7ace1d6cba158dbfa983035398ef61aa

    • SHA512

      3706fe463b2daa1ac11eaa6d76e221ff3e8ff5cfc3a2cc823b8036133d7329df1dc46b48245d3211c48ee37a2d486eb4ab32eb533e2a1334b824dc269bec331b

    Score
    8/10
    persistence

    • Executes dropped EXE

    • Drops startup file

    • Loads dropped DLL

    • Adds Run entry to start application

      persistence

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks