0cd8e61fc0ffafaacd189835c1941ed0eb531cef905a38e9f8f1ce102adb5143

Submit
Reports

Overview

overview

Static

static

Payload/Yo...lderis

macos-10.15-amd64

Payload/Yo...strate

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo...ts.pdf

windows7-x64

Payload/Yo...ts.pdf

windows10-2004-x64

Payload/Yo...elp.js

windows7-x64

Payload/Yo...elp.js

windows10-2004-x64

Payload/Yo...dge.js

windows7-x64

Payload/Yo...dge.js

windows10-2004-x64

Payload/Yo...dge.js

windows7-x64

Payload/Yo...dge.js

windows10-2004-x64

Payload/Yo...mework

macos-10.15-amd64

Payload/Yo...ler.js

windows7-x64

Payload/Yo...ler.js

windows10-2004-x64

Payload/Yo...t.html

windows7-x64

Payload/Yo...t.html

windows10-2004-x64

Payload/Yo...t.html

windows7-x64

Payload/Yo...t.html

windows10-2004-x64

Payload/Yo...ser.js

windows7-x64

Payload/Yo...ser.js

windows10-2004-x64

Payload/Yo...ser.js

windows7-x64

Payload/Yo...ser.js

windows10-2004-x64

Payload/Yo...ent.js

windows7-x64

Payload/Yo...ent.js

windows10-2004-x64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Payload/Yo....dylib

macos-10.15-amd64

Analysis

max time kernel
157s
max time network
143s
platform
windows7_x64
resource
win7-20230831-en
resource tags

arch:x64arch:x86image:win7-20230831-enlocale:en-usos:windows7-x64system
submitted
04/10/2023, 01:01

Sharing

Copy URL

Twitter E-mail

Static task

static1

pdf evasion

1 signatures

Behavioral task

behavioral1

Sample

Payload/YouTube.app/Frameworks/Alderis.framework/Alderis

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral2

Sample

Payload/YouTube.app/Frameworks/CydiaSubstrate.framework/CydiaSubstrate

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral3

Sample

Payload/YouTube.app/Frameworks/DontEatMyContent.dylib

Resource

macos-20230831-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral4

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/Edit_Resources.bundle/Assets.pdf

Resource

win7-20230831-en

windows7-x64

2 signatures

150 seconds

Behavioral task

behavioral5

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/Edit_Resources.bundle/Assets.pdf

Resource

win10v2004-20230915-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral6

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/GHKContactUsResources.bundle/get_help.js

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral7

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/GHKContactUsResources.bundle/get_help.js

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral8

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/GHKMainWebViewJS.bundle/main_view_js_bridge.js

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral9

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/GHKMainWebViewJS.bundle/main_view_js_bridge.js

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral10

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/GHKSearchResultWebViewJS.bundle/search_result_page_js_bridge.js

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral11

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/GHKSearchResultWebViewJS.bundle/search_result_page_js_bridge.js

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral12

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/Module_Framework

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral13

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/RedirectLandingMessageHandler.js

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral14

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/RedirectLandingMessageHandler.js

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral15

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/ColorThemedCSSFormat.html

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral16

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/ColorThemedCSSFormat.html

Resource

win10v2004-20230915-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral17

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/RenderedContentFormat.html

Resource

win7-20230831-en

windows7-x64

4 signatures

150 seconds

Behavioral task

behavioral18

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/RenderedContentFormat.html

Resource

win10v2004-20230915-en

windows10-2004-x64

5 signatures

150 seconds

Behavioral task

behavioral19

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/SearchResultsParser.js

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral20

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/SearchResultsParser.js

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral21

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/SurveyContactFormParser.js

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral22

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/SUPSupportContentResources.bundle/SurveyContactFormParser.js

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral23

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/WebViewComponent.js

Resource

win7-20230831-en

windows7-x64

0 signatures

150 seconds

Behavioral task

behavioral24

Sample

Payload/YouTube.app/Frameworks/Module_Framework.framework/WebViewComponent.js

Resource

win10v2004-20230915-en

windows10-2004-x64

0 signatures

150 seconds

Behavioral task

behavioral25

Sample

Payload/YouTube.app/Frameworks/YTABConfig.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral26

Sample

Payload/YouTube.app/Frameworks/YTNoCommunityPosts.dylib

Resource

macos-20230831-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral27

Sample

Payload/YouTube.app/Frameworks/YTUHD.dylib

Resource

macos-20230831-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral28

Sample

Payload/YouTube.app/Frameworks/YTVideoOverlay.dylib

Resource

macos-20230831-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral29

Sample

Payload/YouTube.app/Frameworks/YouMute.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral30

Sample

Payload/YouTube.app/Frameworks/YouPiP.dylib

Resource

macos-20220504-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral31

Sample

Payload/YouTube.app/Frameworks/YouQuality.dylib

Resource

macos-20230831-en

macos-10.15-amd64

0 signatures

150 seconds

Behavioral task

behavioral32

Sample

Payload/YouTube.app/Frameworks/YouTubeDislikesReturn.dylib

Resource

macos-20230831-en

macos-10.15-amd64

0 signatures

150 seconds

Report Analysis Logs

General

Target

Payload/YouTube.app/Frameworks/Module_Framework.framework/Edit_Resources.bundle/Assets.pdf
Size

985KB
MD5

d84fc0328cf843fdbf5d1881b04d3ecd
SHA1

bef3ab0ae63fc89770a5e6eebf221b84cfad1020
SHA256

2be0276b250b93d0f5a3b44b87df6b11e217376df66eeb848537e5face7d97af
SHA512

a418d074e6a37376f48c0b537439e36ccf7c6862a76a2847fbf14841b25641bba7a8de4f5193ef8064349ab8021917110eb1f94847d9b0c46907afcef057c0d5
SSDEEP

24576:+VRGKTOdUUvw1UZ+znfyoQO9f0pTJxpk5:+VRGKCdUhUZ+N8pXpk5

Score

1^/10

Malware Config

Signatures

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2616	AcroRd32.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2616	AcroRd32.exe
2616	AcroRd32.exe
2616	AcroRd32.exe

Processes

C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Payload\YouTube.app\Frameworks\Module_Framework.framework\Edit_Resources.bundle\Assets.pdf"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2616

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\9.0\SharedDataEvents

Filesize
3KB

MD5
7f338c4ce253223187a7c42b852ce1f9

SHA1
0862199d4d278b7b75b992daafb7949c4f0c313c

SHA256
f4ba1dd2eb81180b6742e47651a42635550f6454c6b9cf0b2f4b73a241332712

SHA512
94769531452cc1a6d09a0be24b3cd464877dcb5cce4d309e75856d37be49d64f6236dd58ee5f102bf057056baab2530a1d9fcf4e5ee5b47bb840ea7d2cf15462

Download Submit