General
-
Target
Illustrator_Set-Up.exe
-
Size
3.0MB
-
Sample
240211-27slnsec47
-
MD5
18c3d656a0af41f6b5179bf5eac5cd45
-
SHA1
7e3fbe48872824aa43c873d54d90656df49f619a
-
SHA256
d436385203eca897d8403bf04d6725a67b03315ea644eb6497b1a48c0e50d912
-
SHA512
b639603c71cbc1d9fa33c7231d446d11b548e99275868d4cb2baeffadce27d62245e9d06cf9f2d4674cb1de61fcfdac60b104ad42a039dd2d54b232c966df45e
-
SSDEEP
49152:uZnCRw3438x0TVDKNxOafuUYUc9no2IWkAyf1CQ+v5XxCv6PxeB:uARw3UJKHOa/Xffs0S5w
Malware Config
Targets
-
-
Target
Illustrator_Set-Up.exe
-
Size
3.0MB
-
MD5
18c3d656a0af41f6b5179bf5eac5cd45
-
SHA1
7e3fbe48872824aa43c873d54d90656df49f619a
-
SHA256
d436385203eca897d8403bf04d6725a67b03315ea644eb6497b1a48c0e50d912
-
SHA512
b639603c71cbc1d9fa33c7231d446d11b548e99275868d4cb2baeffadce27d62245e9d06cf9f2d4674cb1de61fcfdac60b104ad42a039dd2d54b232c966df45e
-
SSDEEP
49152:uZnCRw3438x0TVDKNxOafuUYUc9no2IWkAyf1CQ+v5XxCv6PxeB:uARw3UJKHOa/Xffs0S5w
Score10/10-
Detected adobe phishing page
-
Renames multiple (164) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
-
Deletes itself
-
Executes dropped EXE
-
Loads dropped DLL
-
Modifies file permissions
-
Registers COM server for autorun
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory
-
Suspicious use of SetThreadContext
-
MITRE ATT&CK Matrix ATT&CK v13
Privilege Escalation
Boot or Logon Autostart Execution
2Registry Run Keys / Startup Folder
2Defense Evasion
File and Directory Permissions Modification
1Modify Registry
3Subvert Trust Controls
1Install Root Certificate
1