General
Target: AWB & CI_pdf.scr
Size: 136KB
Sample: 210105-7zn5bn89ae
MD5: b58bb63ee0cc0210601eaec932b0f871
SHA1: 86ffe34c6ca638fc94313a9e7b579d74d2c1b0ab
SHA256: dde6436d3e8a969f96e4ccec6904631d562efad960e0e9a6a2a865174750f3d6
SHA512: 0f48ae8ad4a30b6132e375662e5b27b304f85fab2edb171035a3958e5cb8bca69100fb84fcf6e309d197de27511285b437ea3a169d5b04b682113801eca7fb84
Static task: static1
Behavioral task: behavioral1
Sample: AWB & CI_pdf.scr
Resource: win7v20201028
Behavioral task: behavioral2
Sample: AWB & CI_pdf.scr
Resource: win10v20201028
Malware Config
Targets
Target: AWB & CI_pdf.scr
Score: 10/10
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext