089dc9a23f5eb868a6f6b8a6a901c2a29faef113ad296c8d40f6ce9de60f4b2d | Triage

Sharing

General

Target

AcroPro.msi
Size

12.6MB
Sample

231231-yandxadacn
MD5

532a49d9023337714c1ce4ba11f2efd2
SHA1

4c1959149f03212a5112cc4c6256b22c7455233e
SHA256

089dc9a23f5eb868a6f6b8a6a901c2a29faef113ad296c8d40f6ce9de60f4b2d
SHA512

2f43e077f25b1c9243b4ec6f7901c59c62d8caa45cca183490d62409a2ae7ca69a84dd36bbe21805ff3bdacb03aee9c4f255c5b3db50eee6a17e0cc5929eb61c
SSDEEP

98304:/iD6IPdb7aDxMoPE1Oul7NhJLMYydUEooaKI:wPt7aDxMouOeHJLiGBKI

Score

7^/10

Malware Config

Targets

- Target
  
  AcroPro.msi
- Size
  
  12.6MB
- MD5
  
  532a49d9023337714c1ce4ba11f2efd2
- SHA1
  
  4c1959149f03212a5112cc4c6256b22c7455233e
- SHA256
  
  089dc9a23f5eb868a6f6b8a6a901c2a29faef113ad296c8d40f6ce9de60f4b2d
- SHA512
  
  2f43e077f25b1c9243b4ec6f7901c59c62d8caa45cca183490d62409a2ae7ca69a84dd36bbe21805ff3bdacb03aee9c4f255c5b3db50eee6a17e0cc5929eb61c
- SSDEEP
  
  98304:/iD6IPdb7aDxMoPE1Oul7NhJLMYydUEooaKI:wPt7aDxMouOeHJLiGBKI
Score

7^/10
- Loads dropped DLL
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2