Overview

overview

8

Static

static

1

Adobe.Acro...35.exe

windows10-2004-x64

8

Resubmissions

22-03-2023 02:46

230322-c9sa9aee39 8

22-03-2023 01:36

230322-b1czjagb7s 8

22-03-2023 01:07

230322-bgrctaea48 8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Adobe.Acrobat.Pro.DC.v2021.001.20135.exe

  • Size

    528.3MB

  • Sample

    230322-c9sa9aee39

  • MD5

    09b175cc20f71f078778341e8cd48d3e

  • SHA1

    68c54bed51fd40c988515cb513cf264a7166c36e

  • SHA256

    4255c508b4b857cd52ad55c6aa10bef03c5b4136d4eaae4b8c487b33df0cad3a

  • SHA512

    2e17149b814b7de16eaadaec8618fe342732e9723c2b51bbd0f1981eabcd98b350ff52c763dce4c5e3c19a78d377fd05fe1b041535c3aa6e61e771a4ce3b0192

  • SSDEEP

    12582912:5hWCN8tGMrRWf+2Ny/3EUha/zOID8xPvE7fZeZ7DoAVhC:5oc80Mr/2y/0UwbOID2MkZnoohC

Score
8/10
adwareevasionpersistencestealer

Malware Config

Targets

    • Target

      Adobe.Acrobat.Pro.DC.v2021.001.20135.exe

    • Size

      528.3MB

    • MD5

      09b175cc20f71f078778341e8cd48d3e

    • SHA1

      68c54bed51fd40c988515cb513cf264a7166c36e

    • SHA256

      4255c508b4b857cd52ad55c6aa10bef03c5b4136d4eaae4b8c487b33df0cad3a

    • SHA512

      2e17149b814b7de16eaadaec8618fe342732e9723c2b51bbd0f1981eabcd98b350ff52c763dce4c5e3c19a78d377fd05fe1b041535c3aa6e61e771a4ce3b0192

    • SSDEEP

      12582912:5hWCN8tGMrRWf+2Ny/3EUha/zOID8xPvE7fZeZ7DoAVhC:5oc80Mr/2y/0UwbOID2MkZnoohC

    Score
    8/10
    adwareevasionpersistencestealer

    • Blocklisted process makes network request

    • Modifies Windows Firewall

      evasion

    • Registers new Print Monitor

      persistence

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Enumerates connected drives

      Attempts to read the root path of hard drives other than the default C: drive.

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Modify Existing Service

1
T1031

Registry Run Keys / Startup Folder

4
T1060

Browser Extensions

1
T1176

Privilege Escalation

Defense Evasion

Modify Registry

6
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

5
T1082

Peripheral Device Discovery

2
T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks