General

  • Target

    Adobe Reader 21.exe

  • Size

    187.3MB

  • Sample

    210531-vxgdjjww4x

  • MD5

    c011efc2507972ef426ccc84bf343f14

  • SHA1

    eae1d855d26402d137dc019b4f689d8c3a2647e5

  • SHA256

    553324768fe78ae7889d0792382a7d8365bc54ffafc95bdda8e91ee1fa56c31e

  • SHA512

    a8c102a3ca8c0c5026b1533948006e3fbcea41d0062cd682af7a2b07d0231e83dddc53a6162549bab9e176e8c7caaf0887b6cfc54ba1a50bff0915ad0f06fb3e

Malware Config

Targets

    • Registers COM server for autorun

    • Suspicious use of NtCreateUserProcessOtherParentProcess

    • Blocklisted process makes network request

    • Executes dropped EXE

    • Modifies Installed Components in the registry

    • Sets file execution options in registry

    • Loads dropped DLL

    • Drops desktop.ini file(s)

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 3
    Browser Extensions (T1176): 1

  • Defense Evasion

    Modify Registry (T1112): 4

  • Discovery

    Query Registry (T1012): 1
    Peripheral Device Discovery (T1120): 1
    System Information Discovery (T1082): 2
