
New HydraSeven malware loader found in the wild

Updated Nov 22, 2023. Updated notes are at the bottom of the page.

Hello World! I am investigating a new malware loader and calling this unknown loader Hydra Seven. Here are some of the details.

Over the past several weeks there has been some limited chatter about an interesting suspicious PDF software (pdfconverters.exe, pdfunk.exe). The first details I've run across with this were found on this Twitter post: https://twitter.com/neonprimetime/status/1711510658959749324. The initial analysis suggests the malware may be related to Redline through some heuristic detections from a couple of security vendors. This is possible, though I haven't been able to verify Redline yet; I'm still working on it.

I started digging a bit into pdfconverters.exe, which leads to a download and install of AppData\Local\Temp\PDFunk-Setup.exe and then ultimately AppData\Local\Programs\PDFunk\PDFunk.exe. Traffic when running PDFunk.exe shows a User-Agent that includes "PDFunk/1.0.0 ...