General
Target: acdseeultimate.exe
Size: 1.3MB
Sample: 230921-xkh2hahh8t
MD5: ce92ed20863f16a94866b0315767984f
SHA1: 88e60b3ff14e165ff99e18bd2b611ff5010584db
SHA256: 61f340e8c0df2eaa3d886b5b226964f6425039017676c1e10cff661797377334
SHA512: 10dc81d0ab0747c8dc8b7ddfe999a0bbe72793613ce367c7f6bf5b0ed92aa0c3b454329b65e0e687ec29198c578dd1536b83fae3fd92a903703f3803554d68bf
SSDEEP: 24576:JNlONzIQYvGLwkFYxkaLA5ptz7orG9D1XnLx16WgzJv:3lwaczFR/xorG9pt13yv
Static task: static1
Behavioral task: behavioral1
  Sample: acdseeultimate.exe
  Resource: win10v2004-20230915-en
Malware Config
Targets
Target: acdseeultimate.exe
Score: 10/10
- Modifies firewall policy service
- Blocklisted process makes network request
- Downloads MZ/PE file
- Sets file execution options in registry
- Adds Run key to start application
- Enumerates connected drives: attempts to read the root path of hard drives other than the default C: drive.
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Drops file in System32 directory
MITRE ATT&CK Enterprise v15
Persistence
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)
Privilege Escalation
- Boot or Logon Autostart Execution (3)
  - Registry Run Keys / Startup Folder (3)
- Create or Modify System Process (1)
  - Windows Service (1)