General
-
Target
a7ea9a935b9b8442edce4029a5a39d1029905e18125dc3e0e1f39e3751915f22
-
Size
1.8MB
-
Sample
221124-zyktcsaa45
-
MD5
86f2df84a2fd492b3d4db782e9068b3e
-
SHA1
d9b589dbb33ae4ff58478d19045b4bb80688b372
-
SHA256
a7ea9a935b9b8442edce4029a5a39d1029905e18125dc3e0e1f39e3751915f22
-
SHA512
da4cc6774b19ba36f1dd0bfdab789df9ac522631fa5eda9564a14404e66d322a0c892052e499eb6e430a6695418dfddb85ef73598ec7cc618a263e96b774cd92
-
SSDEEP
49152:2zDSYed6GytUoOsiCCoFGq7LIvzdBchUIZMS/yAk:2zmYed1ySoiCCoF/7MrdqZMcyz
Static task
static1
Behavioral task
behavioral1
Sample
Segunda_via_pdf.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
Segunda_via_pdf.exe
Resource
win10v2004-20221111-en
Malware Config
Targets
-
-
Target
Segunda_via_pdf.com
-
Size
1.8MB
-
MD5
68d280c7f54b46d5930f1c0b30964640
-
SHA1
1881215cc27d91013e75b81e9ff27a60275ad7cd
-
SHA256
ead64c50ce391fb120c4e0648b8eb1d6c97649c222279b009cb101ac56ef612b
-
SHA512
d92fceda9ba1da582b041d4e8160584ba232b16d21266e864827d45868122094b2ee1f5adcbc0b83e53c3307cb340781d9eb50e29e886eddc7e8d8a74d3d3957
-
SSDEEP
49152:dYt5d8HAAeJQs0Nw+MKKGMOLAIF39qFkcAuKBjheTYV:yt5d8HbDNwH3GMuAUNqLZKuU
Score9/10-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Identifies Wine through registry keys
Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-