Acrobat Cracker v.6.3.exe

General
Target

Acrobat Cracker v.6.3.exe

Size

1MB

Sample

201119-yhf9j7kt6n

Score
10/10
MD5

41598929a42c3f2bb561cc704ddad70e

SHA1

c60a0243e7e6220daf6890015705cd5b299f4dc2

SHA256

91fb579cf12c337d31c8b753b06352cc334c3720568c2c6ddfe2dc164b5a8b1c

SHA512

2db2086b8bcdf8db2335353fb4c3ce2e5f49a1f3030eca4bfd21d7c87461550b3f28a042ed4e3191530d8285b1368c7e86b13d7f4daaf33bce76d6e24651d1f6

Signatures

  • AgentTesla

    Description

    Agent Tesla is a remote access tool (RAT) written in Visual Basic.

  • RedLine

    Description

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

  • AgentTesla Payload

  • Deletes itself

  • Reads user/profile data of web browsers

    Description

    Infostealers often target stored browser data, which can include saved credentials and other stored profile data.

    TTPs

    Data from Local System
    Credentials in Files

  • Checks installed software on the system

    Description

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    TTPs

    Query Registry

  • Looks up external IP address via web service

    Description

    Uses a legitimate IP lookup service to find the infected system's external IP.

  • Modifies service

    TTPs

    Modify Registry
    Modify Existing Service

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix

  • Command and Control

  • Credential Access

  • Defense Evasion

  • Execution

  • Exfiltration

  • Impact

  • Initial Access

  • Lateral Movement

  • Privilege Escalation