Macintosh HD:Users:Shared:dd:4work:Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en_EN:Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en_EN.indd
Common Information

Type                            Value
UUID                            31ab989e-4faf-44f3-add2-f3041ff779ad
Fingerprint                     7995fed252a689622b45935a37ed8c6ecd5853c27e968b2d8f02f36e2f159b1d
Analysis status                 DONE
Considered CTI value            2
Text language
Published                       May 22, 2020, 11:12 a.m.
Added to db                     March 12, 2024, 6:22 p.m.
Last updated                    Aug. 31, 2024, 6:45 a.m.
Headline                        Macintosh HD:Users:Shared:dd:4work:Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en_EN:Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en_EN.indd
Title                           Macintosh HD:Users:Shared:dd:4work:Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en_EN:Bitdefender-PR-Whitepaper-Metamorfo-creat4500-en_EN.indd
Detected Hints/Tags/Attributes  146/3/58
Attributes

Type                     #Events  CTI  Value
Domain                   128           www.bitdefender.com
Domain                   372           wscript.shell
Domain                   1             zimjas.run
Domain                   9             bb.com.br
Domain                   2             buleva.webcindario.com
Domain                   3             webcindario.com
Domain                   1             bankofamerica.webcindario.com
Domain                   1             disney.webcindario.com
Domain                   360           attack.mitre.org
Domain                   32            lolbas-project.github.io
Domain                   434           medium.com
Domain                   59            www.cybereason.com
Domain                   281           docs.microsoft.com
Domain                   78            bitbucket.org
File                     11            avira.sys
File                     2             nativecore.dll
File                     376           wscript.exe
File                     1208          powershell.exe
File                     533           ntdll.dll
File                     748           kernel32.dll
File                     229           advapi32.dll
File                     291           user32.dll
File                     5             name.exe
File                     11            tray.exe
File                     15            servicehost.exe
File                     1             ux.exe
File                     2             aplicativobradesco.exe
File                     12            core.exe
File                     2             rapportservice.exe
File                     5             magnification.dll
File                     16            wmplayer.exe
File                     172           dllhost.exe
File                     2             steamerrorreporter.exe
File                     1             dllname.dll
File                     1018          rundll32.exe
File                     459           regsvr32.exe
File                     1             rpt-dll-sideloading.pdf
File                     1             shzvmmraec.vbs
File                     4             advanced-threat-intelligence.html
md5                      1             2482b97529c45783c6c2e0b95654eb1f
md5                      1             34f34f4b5727a1636c768808abf89e96
md5                      1             054f466ceccbe9d6bee81f5435e64d47
md5                      1             7bc15af21367d0758beddcca118642de
sha1                     6             da39a3ee5e6b4b0d3255bfef95601890afd80709
IPv4                     3             5.57.226.202
MITRE ATT&CK Techniques  23            T1073
Url                      1             https://attack.mitre.org/techniques/t1073
Url                      8             https://lolbas-project.github.io
Url                      1             https://blog.trendmicro.com/trendlabs-security-intelligence/analysis-abuse-of-custom-actions-in-windows-installer-
Url                      1             https://securityintelligence.com/posts/taking-over-the-overlay-reverse-engineering-a-brazilian-remote-access-trojan-
Url                      252           https://medium.com
Url                      1             https://www.cybereason.com/blog/brazilian-financial-malware-banking-europe-south-america
Url                      1             https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-dll-sideloading.pdf
Url                      1             https://docs.microsoft.com/en-us/windows/win32/dlls/dynamic-link-library-search-order
Url                      1             https://bitbucket.org/wpostma/dcpcrypt2010/src/default
Url                      1             http://buleva.webcindario.com/my
Url                      3             https://www.bitdefender.com/oem/advanced-threat-intelligence.html
Windows Registry Key     4             HKEY_LOCAL_MACHINE\System