4e085dd4d721815f4757f125761fddbf42d7d672380eb6627efd138c21146e42 | Triage

Sharing

General

Target

Visualizar-PDF.38105.msi
Size

732KB
Sample

240327-xmbp7sdc4t
MD5

bf440e49375e237d109f66a7cee79fc1
SHA1

32ee9706c1d532867af3ded30dfd67aea596028c
SHA256

4e085dd4d721815f4757f125761fddbf42d7d672380eb6627efd138c21146e42
SHA512

88d503d2dc8cd9970eeb489e89b772c8a56abe831c6aebae1b39824e22b913bc61ec42c3715b60ee3ec51afdeb809ba039fc5a59a85343c328d9d9f06b50baaf
SSDEEP

12288:UvXCtQ6QsN5lNOsw6vAUnBU7qax0EzIVYgvfVYsAgkWZT:UmQxsNcswvEU7J8VlvfVYsAgvZT

Score

7^/10

persistence

Malware Config

Targets

- Target
  
  Visualizar-PDF.38105.msi
- Size
  
  732KB
- MD5
  
  bf440e49375e237d109f66a7cee79fc1
- SHA1
  
  32ee9706c1d532867af3ded30dfd67aea596028c
- SHA256
  
  4e085dd4d721815f4757f125761fddbf42d7d672380eb6627efd138c21146e42
- SHA512
  
  88d503d2dc8cd9970eeb489e89b772c8a56abe831c6aebae1b39824e22b913bc61ec42c3715b60ee3ec51afdeb809ba039fc5a59a85343c328d9d9f06b50baaf
- SSDEEP
  
  12288:UvXCtQ6QsN5lNOsw6vAUnBU7qax0EzIVYgvfVYsAgkWZT:UmQxsNcswvEU7J8VlvfVYsAgvZT
Score

7^/10

persistence
- Drops startup file
- Adds Run key to start application
  persistence
- Blocklisted process makes network request
- Enumerates connected drives
  Attempts to read the root path of hard drives other than the default C: drive.
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2