{ "type": "SHA1", "indicator": "38f5426443a86a92f94de5c7cfbcda4b08bb3a26", "general": { "sections": [ "general", "analysis" ], "type": "sha1", "type_title": "FileHash-SHA1", "indicator": "38f5426443a86a92f94de5c7cfbcda4b08bb3a26", "validation": [], "base_indicator": { "id": 4348773778, "indicator": "11168d75e304a76348d0ae6bb946aba4", "type": "FileHash-MD5", "title": "", "description": "", "content": "", "access_type": "public", "access_reason": "" }, "pulse_info": { "count": 3, "pulses": [ { "id": "69fd8916c718cee78b1d08d1", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T10:32:41.135000", "created": "2026-05-08T06:56:22.767000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 304, "FileHash-SHA1": 239, "FileHash-SHA256": 499, "IPv4": 95, "hostname": 326, "URL": 275, "domain": 84, "email": 3 }, "indicator_count": 1825, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "69fd89a0d875f839031c7257", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:58:40.278000", "created": "2026-05-08T06:58:40.278000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "69fd8918bf6e94d6a4740f1c", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:56:24.079000", "created": "2026-05-08T06:56:24.079000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 } ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ" ], "related": { "alienvault": { "adversary": [], "malware_families": [], "industries": [] }, "other": { "adversary": [], "malware_families": [], "industries": [] } } }, "false_positive": [] }, "geo": {}, "geo_ipapicom": {}, "pulse_count": 3, "pulses": [ { "id": "69fd8916c718cee78b1d08d1", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T10:32:41.135000", "created": "2026-05-08T06:56:22.767000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 304, "FileHash-SHA1": 239, "FileHash-SHA256": 499, "IPv4": 95, "hostname": 326, "URL": 275, "domain": 84, "email": 3 }, "indicator_count": 1825, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": true, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "69fd89a0d875f839031c7257", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:58:40.278000", "created": "2026-05-08T06:58:40.278000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 }, { "id": "69fd8918bf6e94d6a4740f1c", "name": "CAPE Sandbox - Borland Delphi + added other malic win [exe]", "description": "[Malware Analysis System Evasion (MZP) report has been generated by Yara, a community-based security firm.] Delphi and other win[exe] all malicious- sandboxed runs only.", "modified": "2026-05-08T06:56:24.079000", "created": "2026-05-08T06:56:24.079000", "tags": [ "url http", "ipv4", "strong", "library", "address virtual", "cname", "size", "file type", "mwdb", "bazaar", "sha3384", "ssdeep", "accept", "shutdown", "sandbox", "stack", "windows sandbox", "clear filters", "calls process", "pe file", "sample", "performs dns", "yara", "https", "urls", "mitre attack", "network info", "processes extra", "command", "malicious", "delphi", "defense evasion", "next" ], "references": [ "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_CAPE%20Sandbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223081&Signature=Hm63tZKeRZujdUn11Hi%2BwTAevMctFRDZDQ9GnFQsB%2BN1N%2FxQN3pkPwwuAScaiiliHBcXgCSUXI3gph1Bgmh%2BdMALu8FKmvwYRvuq4xYlXAZvyQFUN1xr4%2FxkpnRhr0tiskf4kWXDZvlBCW1H1K3mKSkT6vkjiEn6xDLVUO1Eo8ESJDnnsTshk3vIiXlAhodWtrJS8RTgA%2BjhGCgU3IruiA3O5nxWwIJSLMrM7pRI1zgAy%2BH0", "https://vtbehaviour.commondatastorage.googleapis.com/561f94715c481c0e616cf1907d86e522afe9186f8365ab3a35d7872b2653580b_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223201&Signature=UbPDmnyT2j%2B5gbsHnwxLwuxti6r6ukPXUh%2BIz3I0VhnZa%2FV0coDJPx%2FvqkOMdu%2F8UuONZpVTl28tlerH%2FsZNK6YpFPgUmrFXYJx6c%2B6W7%2FC1yC8TeC5lN4%2F0h19KcjvCdFGNFgLhigH62wxU2GkmZT5jz8ISZhkAzkReVhdaZA7vYQnLQZvpvEQGScnuZc0PZSANsAvfN2lyqBDH%2FpGFc%2BDpfNGnnFYsjJ", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_VirusTotal%20Jujubox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223336&Signature=avokLSiN2%2B14P94v4u5P%2FljfsWv2nqNJdQpMmRl88Esart7da%2BE4E1d0d7MXavOLWEHHt09QYchkV3iMo3Ia%2Fr49jeO5ZALtnuDrJMAvU6Js5MUrkqPT0R9LZ9b4vcG3hrHPF%2Fu9EiVhYII3bhmK5CjnHDF44L4qtE8vVkw03lOx1XpgUhdTK6rRzXALQ1tqKrDE5LUh7S9giv0VZz7aqV%2B9Ch%2Fb%2BGPU3mis2wnh", "https://vtbehaviour.commondatastorage.googleapis.com/9d9b74f13b0001184ea51257e446bd317e5180e0ed856e7dfb7d92d1fb7c9df9_Zenbox.html?GoogleAccessId=758681729565-rc7fgq07icj8c9dm2gi34a4cckv235v1@developer.gserviceaccount.com&Expires=1778223386&Signature=0oCtLpyEmobttCQJza34xagBptN0LmmC7kxt51fgm7nEEyRcpEzZPo%2F9OF9ZpJJs%2FJTtDEqFP8FURlT79ioFjN8T2fu7lRrL2P5%2FDzcAfYlZJvnOu%2F4fFq%2FdqmL%2F6MWyaEcrew5K1Cn3RbD7cjqTe4M82GVyxYd9lWiO0ZQ2VTe9%2FLUCyFptCg7zsZk2cHhjDYTSW36tQUoEksDtMNaANFYM2mSxRPOXZ5XRzzF6WOvQjsjwrIqay2dk" ], "public": 1, "adversary": "", "targeted_countries": [], "malware_families": [], "attack_ids": [ { "id": "T1027", "name": "Obfuscated Files or Information", "display_name": "T1027 - Obfuscated Files or Information" }, { "id": "T1055", "name": "Process Injection", "display_name": "T1055 - Process Injection" }, { "id": "T1071", "name": "Application Layer Protocol", "display_name": "T1071 - Application Layer Protocol" }, { "id": "T1082", "name": "System Information Discovery", "display_name": "T1082 - System Information Discovery" }, { "id": "T1083", "name": "File and Directory Discovery", "display_name": "T1083 - File and Directory Discovery" }, { "id": "T1112", "name": "Modify Registry", "display_name": "T1112 - Modify Registry" }, { "id": "T1553", "name": "Subvert Trust Controls", "display_name": "T1553 - Subvert Trust Controls" }, { "id": "T1574", "name": "Hijack Execution Flow", "display_name": "T1574 - Hijack Execution Flow" }, { "id": "T1057", "name": "Process Discovery", "display_name": "T1057 - Process Discovery" }, { "id": "T1059", "name": "Command and Scripting Interpreter", "display_name": "T1059 - Command and Scripting Interpreter" }, { "id": "T1095", "name": "Non-Application Layer Protocol", "display_name": "T1095 - Non-Application Layer Protocol" }, { "id": "T1497", "name": "Virtualization/Sandbox Evasion", "display_name": "T1497 - Virtualization/Sandbox Evasion" }, { "id": "T1518", "name": "Software Discovery", "display_name": "T1518 - Software Discovery" }, { "id": "T1573", "name": "Encrypted Channel", "display_name": "T1573 - Encrypted Channel" } ], "industries": [], "TLP": "green", "cloned_from": null, "export_count": 1, "upvotes_count": 0, "downvotes_count": 0, "votes_count": 0, "locked": false, "pulse_source": "web", "validator_count": 0, "comment_count": 0, "follower_count": 0, "vote": 0, "author": { "username": "msudosos", "id": "381696", "avatar_url": "https://otx.alienvault.com/assets/images/default-avatar.png", "is_subscribed": false, "is_following": false }, "indicator_type_counts": { "FileHash-MD5": 198, "FileHash-SHA1": 139, "FileHash-SHA256": 399, "IPv4": 55, "hostname": 201, "URL": 76, "domain": 30 }, "indicator_count": 1098, "is_author": false, "is_subscribing": null, "subscriber_count": 66, "modified_text": "23 days ago ", "is_modified": false, "groups": [], "in_group": false, "threat_hunter_scannable": true, "threat_hunter_has_agents": 1, "related_indicator_type": "FileHash-SHA256", "related_indicator_is_active": 1 } ], "error": null, "vt": { "error": "VirusTotal rate limit reached. Try again shortly.", "indicator": "38f5426443a86a92f94de5c7cfbcda4b08bb3a26", "type": "Hash" }, "abuseipdb": null, "urlhaus": null, "from_cache": true, "_cached_at": 1780328595.289038 }