General
Target: Original BL_pdf.scr
Size: 136KB
Sample: 210105-fdzwc5k5j6
MD5: 7fd79d1258fa8ed52e0d49bd780acd2e
SHA1: ede2f547aae04f958172240dfd6cd0b76990e006
SHA256: 581bd1167bd9b40944de9a2d8842ed8aa841fdfc69d896c24520873095e0ac03
SHA512: 8b093424dccf6f879a792a6516536c8e02d771d0f7cd69eb706c553a0d75121a2cf9172c0f91de0c53189ce8eb6928e0b2a3ec4503024d63eb3090ec22c0feb0
Static task: static1
Behavioral task: behavioral1
Sample: Original BL_pdf.scr
Resource: win7v20201028
Behavioral task: behavioral2
Sample: Original BL_pdf.scr
Resource: win10v20201028
Malware Config
Targets
Target: Original BL_pdf.scr
Score: 10/10
Adds Run key to start application
Legitimate hosting services abused for malware hosting/C2
Suspicious use of NtSetInformationThreadHideFromDebugger
Suspicious use of SetThreadContext