This report has 4 indicators that were mapped to 5 attack techniques and 4 tactics.
Additional Context
Associated SHA256s
da4729fae856c77512b4c6b1c7337f9a02ac99f30b7542278aa44c91df1c0b6a
Indicators
Not all malicious and suspicious indicators are displayed.
Suspicious Indicators 3
External Systems
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
General
Installation/Persistence
Informative 15
Exploit/Shellcode
https://www.hybrid-analysis.com/sample/ef1126e49969b426d8bc44ceb809f7090f0078ec79adf723110937eb87bd7ffe/5de8d51aa83237199b648d9a 1/8
09/02/2023, 21:54 Free Automated Malware Analysis Service - powered by Falcon Sandbox - Viewing online file analysis results for 'TecDoc Pegasus 3.0 AP…
Creates mutants
Installation/Persistence
Dropped files
Network Related
Spyware/Information Retrieval
Unusual Characteristics
File Details
Filename
TecDoc Pegasus 3.0 API - Onboarding Guide 2.1.pdf
Size
835KiB (854949 bytes)
Type
pdf
Description
PDF document, version 1.7
Document author
Liebsch, Sebastian
Document creator
Microsoft® Word for Office 365
Document producer
Microsoft® Word for Office 365
Document title
Onboarding Guide
Document subject
TecDoc Pegasus 3.0 API
Document pages
17
Architecture
WINDOWS
SHA256
ef1126e49969b426d8bc44ceb809f7090f0078ec79adf723110937eb87bd7ffe
Resources Visualization
Icon Input File (PortEx)
Classification (TrID)
100.0% (.PDF) Adobe Portable Document Format
Screenshots
Hybrid Analysis
Network Analysis
DNS Requests
No relevant DNS requests were made.
Contacted Hosts
No relevant hosts were contacted.
HTTP Traffic
No relevant HTTP requests were made.
Extracted Strings
All Strings (1404), Interesting (42/1052)
Extracted Files
Informative 11
data_1
Size
264KiB (270336 bytes)
Type
data
Runtime Process
RdrCEF.exe (PID: 3536)
MD5
d4ef84f98b8c494b048c9830e34b46dc
SHA1
e2786dab10378384ca94b2253f8500be819bdb29
SHA256
6ae3ea4b14f0f3f30ef68a7373fd6abf863c33e8e3c0959b834b5b6555b84c20
Visited Links
Size
128KiB (131072 bytes)
Type
data
Runtime Process
RdrCEF.exe (PID: 1680)
MD5
81a284a2b84dde3230ff339415b0112f
SHA1
f61be0648fe365bc7d398aa4907c097a06739384
SHA256
cdb94563c99017ea9eb34642740794033fb48257f3f06df0ab5af0da5f7cbf6c
A9Rrhzoed_ofdasy_2wg.tmp
Size
9.5KiB (9737 bytes)
Type
data
Description
Zip data (MIME type "application/vnd.adobe.air-ucf-package+zip"?)
Runtime Process
AcroRd32.exe (PID: 3760)
MD5
4112fbc70ea3a37f64de226ea646979a
SHA1
04135085477108dfd0693090b54227cc493025a3
SHA256
42a850147cf596396bede5dab89e19580c09b58b610ece5e525b37618b4826d0
A9Ruu3tbb_ofdasx_2wg.tmp
Size
2B (2 bytes)
Type
data
Runtime Process
AcroRd32.exe (PID: 3760)
MD5
c4103f122d27677c9db144cae1394a66
SHA1
1489f923c4dca729178b3e3233458550d8dddf29
SHA256
96a296d224f285c67bee93c30f8a309157f0daa35dc5b87e410b78630a09cfc7
0FDED5CEB68C302B1CDB2BDDD9D0000E76539CB0.crl
Size
637B (637 bytes)
Type
data
MD5
974e8536b8767ac5be204f35d16f73e8
SHA1
e847897947a3db26e35cb7d490c688e8c410dfb7
SHA256
d1bb4b163fe01acc368a92b385bb0bd3a9fc2340b6d485b77a20553a713166d3
CE338828149963DCEA4CD26BB86F0363B4CA0BA5.crl
Size
425B (425 bytes)
Type
data
MD5
b1783b97d2072e141e12e8911e151704
SHA1
e3a9fe0da15be51286f39d6092e9126443669e49
SHA256
9009ab7605c35a2b5121b8b5c966b3c893edba9966925268c45ad05b348671c8
urlref_httpswebservice.tecalliance.servicespegasus-3-0servicesTecdocToCatDLW.soapEndpointapi_key_YOUR_API_KEY_HERE
Size
55B (55 bytes)
Type
text
Description
ASCII text, with no line terminators
Context
https://webservice.tecalliance.services/pegasus-3-0/services/TecdocToCatDLW.soapEndpoint?api_key=YOUR_API_KEY_HERE
MD5
88fb71b3c32dc482168a93838007767a
SHA1
7c0d1a270ce2329a86e5449ca577728ab2e22a6f
SHA256
9753665c8498fffd35f84adb9e5cb8748f577271df363c9ffb5e7b4cf80a3782
urlref_httpswebservice.tecalliance.servicespegasus-3-0servicesTecdocToCatDLB.soapEndpointdoc
Size
59KiB (59945 bytes)
Type
text
Description
XML 1.0 document text
Context
https://webservice.tecalliance.services/pegasus-3-0/services/TecdocToCatDLB.soapEndpoint?doc
MD5
9f9bfe1366e1cd77470d16a9c96feb68
SHA1
547940c850e7fa62d4de74abc5b87375b32a9c0f
SHA256
50c2fa79db6a741867f01b485ad33bb9e82dabdce266e5b68c15e92a6aaa1435
urlref_httpsdigital-assets.tecalliance.servicesimages5011c9534e207aa0a56f1158bf1a0a40e46a3f738a.jpg
Size
555B (555 bytes)
Type
img
Context
https://digital-assets.tecalliance.services/images/50/11c9534e207aa0a56f1158bf1a0a40e46a3f738a.jpg
MD5
587db4d24aa9a75eb023e81e854a4b40
SHA1
58a61773b804ceb5503269c6ca6ae37a64757064
SHA256
af0a82d0e84413a8b4fca6592524ce6260d9f0742680269e5dde193fc659cc64
urlref_httpswebservice.tecalliance.servicespegasus-3-0info
Size
3.4KiB (3503 bytes)
Type
html
Description
HTML document, ASCII text
Context
https://webservice.tecalliance.services/pegasus-3-0/info/
MD5
498d3758caf0b25056d70267b19ea86e
SHA1
145435bbc05b5d184bc2870becf1ae1dcbc5db30
SHA256
0717830c433824b9098c1cbeae7acbff57c260afd7ba9602813dd14eaf3250c2
urlref_httpsgist.github.comta-sli3c70f3e26dd918e163c617d58f11a6ba
Size
88KiB (90318 bytes)
Type
html
Description
HTML document, UTF-8 Unicode text, with very long lines
Context
https://gist.github.com/ta-sli/3c70f3e26dd918e163c617d58f11a6ba
MD5
0ea5a382f7cdb5ff9b4110893712681d
SHA1
786c85c3de79ebea9dea9a13c5775898c9243694
SHA256
c847826deb6720bdf9f89ff87ee2708d20853460f225cc7cc8289fd74e000ce6