General

  • Target

    muestra.zip

  • Size

    17.8MB

  • MD5

    50d4da528bebcd1d4cb569ac195f14ec

  • SHA1

    8651432daab41ccf6a77768344cb7bc302ff8bac

  • SHA256

    ed733bb9814413410ae20059e1ccdab65553dccdcd0fd9edfde327f326ee4c1e

  • SHA512

    7da34447d6445a32d0cc4389c834dbe3edac5d57b0732b5896ff0bf0d5a91307ffada57e95b034cb56f98fe35146c9413a3c9585699a0b6e98f8d97d1e2ff0cf

  • SSDEEP

    393216:R37gmTRJbcRs9JShyAEoObfH5jofkn2awD+uZqoatRBRU:V7gmTR8egh9ClofCY+GqoMRU

Score
3/10

Signatures

  • Unsigned PE 7 IoCs

    Checks for missing Authenticode signature.

Files

  • muestra.zip
    .zip

    Password: infected

  • SEDAGRO yvl/Cursors/aero_link_il.cur
  • SEDAGRO yvl/Cursors/aero_link_im.cur
  • SEDAGRO yvl/Cursors/aero_move_xl.cur
  • SEDAGRO yvl/Cursors/aero_nesw.cur
  • SEDAGRO yvl/Cursors/aero_nesw_l.cur
  • SEDAGRO yvl/Cursors/aero_ns.cur
  • SEDAGRO yvl/FLTLIB.DLL
    .dll windows:5 windows x86 arch:x86

    Password: infected

    a537db9e3ac79e5e57fd21566451cb10

  • SEDAGRO yvl/borlndmm.dll
    .dll windows:5 windows x86 arch:x86

    Password: infected

    7c8614e26af160453644266cf4f67143

  • SEDAGRO yvl/cwf gz.cert
  • SEDAGRO yvl/cwf gz.exe
    .exe windows:5 windows x86 arch:x86

    Password: infected

    dd146b8114dfb5cdb561950bfbd20252

  • SEDAGRO yvl/inpay20.dll
    .dll windows:5 windows x86 arch:x86

    Password: infected

    ac02d5aab56bb029e9b2bf0229dda5d7

  • SEDAGRO yvl/ipworksedi20.dll
    .dll windows:5 windows x86 arch:x86

    Password: infected

    c81951e1e0635a5d9bdd528c8c962799

  • SEDAGRO yvl/libeay32.dll
    .dll windows:5 windows x86 arch:x86

    Password: infected

    43b0fe249f8f5a5ce8ac2d967a025119

  • SEDAGRO yvl/ssleay32.dll
    .dll windows:5 windows x86 arch:x86

    Password: infected

    5d4ca97e613c17181b46764d204584bd

  • SEDAGRO yvl/vfluapriv.dll
    .dll windows:10 windows x64 arch:x64

    Password: infected

    f662a5745cd287aa861d89b58ac332e2

  • SEDAGRO yvl/vfnet.dll
    .dll windows:10 windows x64 arch:x64

    5397dc1a473e1f8f0585f089032bc5fc

  • SEDAGRO yvl/vfntlmless.dll
    .dll windows:10 windows x64 arch:x64

    f1956ea6c9757cb4ab16245e384c7442

  • SEDAGRO yvl/vfnws.dll
    .dll windows:10 windows x64 arch:x64

    6d0497bd389fa0a8bc514bb8246f4abe

  • SEDAGRO yvl/vfprint.dll
    .dll windows:10 windows x64 arch:x64

    078686015c445a818a21364619b248d1

  • SEDAGRO yvl/wersvc.dll
    .dll windows:10 windows x64 arch:x64

    8ea7bbb362f807fd5f04d89335411e9e

  • SEDAGRO yvl/werui.dll
    .dll windows:10 windows x64 arch:x64

    600f604125e1820f1c2db1735c5b4db1

  • SEDAGRO yvl/wevtapi.dll
    .dll windows:10 windows x64 arch:x64

    3df6efe26236bc1b0d866e5bcceeb49c

  • SEDAGRO yvl/wevtfwd.dll
    .dll windows:10 windows x64 arch:x64

    e9b76d35f59e84b8ed8b0b52e612c06c

  • SEDAGRO yvl/wevtsvc.dll
    .dll windows:10 windows x64 arch:x64

    a905ef31a7398e7354ddfcec5cc82a93
