21c3dda1705a30f4d677e8bfbda332ca184e75fa377bf83e64e579209f360962

Sharing

Copy URL

Twitter E-mail

General

Target

Acrylic.exe
Size

742KB
Sample

240522-zhb7aafg9w
MD5

8c77fcf5f467626fb50dec55cccbe3b3
SHA1

654f9503633c2c82f592f9ba079dc0e966615e25
SHA256

21c3dda1705a30f4d677e8bfbda332ca184e75fa377bf83e64e579209f360962
SHA512

c51807bb1350c7362fa5754b01cbbef5a3f37b821c28dd175d5845b601ed74ab567621a6e0e7c5add3aa02dadea83dafc2a8a12d02bde85043051a227ff32cde
SSDEEP

12288:oC07G2USZ3Ix8oPYSK8U4tGNJzzCUzgOAF33HvPLC0d0fGCxzGyFLdFINnq:ov7G2T3uP9KX4sNJXCUzgOK3HbSACFsq

Score

8^/10

discovery persistence

Malware Config

Targets

- Target
  
  Acrylic.exe
- Size
  
  742KB
- MD5
  
  8c77fcf5f467626fb50dec55cccbe3b3
- SHA1
  
  654f9503633c2c82f592f9ba079dc0e966615e25
- SHA256
  
  21c3dda1705a30f4d677e8bfbda332ca184e75fa377bf83e64e579209f360962
- SHA512
  
  c51807bb1350c7362fa5754b01cbbef5a3f37b821c28dd175d5845b601ed74ab567621a6e0e7c5add3aa02dadea83dafc2a8a12d02bde85043051a227ff32cde
- SSDEEP
  
  12288:oC07G2USZ3Ix8oPYSK8U4tGNJzzCUzgOAF33HvPLC0d0fGCxzGyFLdFINnq:ov7G2T3uP9KX4sNJXCUzgOK3HbSACFsq
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Executes dropped EXE
- Loads dropped DLL
- Modifies file permissions
  discovery
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  89351a0a6a89519c86c5531e20dab9ea
- SHA1
  
  9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00
- SHA256
  
  f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277
- SHA512
  
  13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08
- SSDEEP
  
  384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0
Score

3^/10
behavioral3 behavioral4
- Target
  
  AcrylicConsole.exe
- Size
  
  445KB
- MD5
  
  7cc20e36ce5992ac1d41a4719c9a6e31
- SHA1
  
  941900adfd85a1823a2f58ae15b76036a4862ed3
- SHA256
  
  10b65511903694caebdc48a6301912d6e220e1101528800fca18db6b48f515f4
- SHA512
  
  b14edb1bd0ded697adeb81e6b4739289ad101bfc72ef5a52e25d4cb486ade667958bcd5f89da2ffdf9d10021f4d5e878608cb0e241e6ea1cad7f9afb7490ec2a
- SSDEEP
  
  12288:M+vnuCQI8OPfzFqOTRQxai1DeIHngCtf:MI/QqqOl4nlQCZ
Score

1^/10
behavioral5 behavioral6
- Target
  
  AcrylicService.exe
- Size
  
  755KB
- MD5
  
  939115bde53068322bfb4d3cbac32f9a
- SHA1
  
  68598f57932cc09d6b35a591426a2e83bdf28f34
- SHA256
  
  ea85e594e9b0c7c73cdb35d74670d02f07a7d19fcf80c4f188408e7b442c60a1
- SHA512
  
  d1991f9fcfad62c21e861898f3d1dd6700932e43a98b97d8dcf178c95baed3814e20fd447cc761670ed840d6e7afcec5f1fe8813552bedf646df8101a457ea79
- SSDEEP
  
  12288:EWQbkuNteorxKoUWCW2Xl4pTLsDx4ZkeTIooUzBaAxqVIrBuHnqp06h:EWW3YorxGPRl4BLax4ZkeshoaAxqVId8
Score

1^/10
behavioral7 behavioral8
- Target
  
  AcrylicUI.exe
- Size
  
  572KB
- MD5
  
  9f82dc46fad4bf327e63fe92cbb9702c
- SHA1
  
  cbe517a40db31b48a988d7791454a53b19e41436
- SHA256
  
  68183b903249c26d90d214fa1b60d53f5d100af8f87da5847769230bca189693
- SHA512
  
  f704757c32b5608c679b5948c9ba5176442c353ab217ffac67c9004cff6f220367096fabca75b04ed5948572cb94dffa23d12d2acff459d6f0177502e8d2b7fe
- SSDEEP
  
  12288:N+yaodvZrLi3YH0ASp1gzb2T/aheTLEw5OFHnGtKX2:N+5orBwp2b0yhe/h5ZtKX
Score

1^/10
behavioral10 behavioral9
- Target
  
  ActivateAcrylicDebugLog.bat
- Size
  
  48B
- MD5
  
  dac41f46516d6dfc78712a1c0b5578c9
- SHA1
  
  99a325c5742b2c680db890a1a3e2c740cbeb9515
- SHA256
  
  d67ed9f652fb2761e66865a969f8676ff4f8ca5024679dc6b070b53829f434dc
- SHA512
  
  92706fc90f8b9512c717a4c1e0d323c5e4a191c4d86e0778a6ae308f884b09a15a5a3aa96346c9399eff14062cdf4a7bc0f411dfd16689eab8b8d8581db18897
Score

1^/10
behavioral11 behavioral12
- Target
  
  DeactivateAcrylicDebugLog.bat
- Size
  
  50B
- MD5
  
  f7c238701c9c86765f07533a6f5e9901
- SHA1
  
  108e503163721467d4938dd65889d95b7ccdd4c7
- SHA256
  
  c3bee43311311fe275cff0626b4804ddb239330a587d7bf4884f0cc6908b6e51
- SHA512
  
  6edd350a80373692d68d1689cc5dcab5b0d9c9eec19ef84b435d917393dfc421e73e14f49ac2f86145b507873447cf85b0adbddd96abe38fc376f11f0c0606d0
Score

1^/10
behavioral13 behavioral14
- Target
  
  InstallAcrylicService.bat
- Size
  
  46B
- MD5
  
  55ea51628ff67e4ee11a7f2685a32d2f
- SHA1
  
  243d144602cce10414aac73fd4ca9536fe535db9
- SHA256
  
  d2f7679e5097ed1a9aeadb7af86ed7705fe96ace3a7e58996c0d3ab20b69182e
- SHA512
  
  c5d4c0dc3ce6b7858753584ba48d19feaf9b4f834724a798f005763b06aa83740400066ee914a4c2823f5c0b5eb054255968e1b2069588ab04dd032bd591f0e8
Score

8^/10

discovery persistence
- Sets service image path in registry
  persistence
- Modifies file permissions
  discovery
behavioral15 behavioral16
- Target
  
  OpenAcrylicConfigurationFile.bat
- Size
  
  71B
- MD5
  
  6c0ea3a94f8a1025327cf0e41bc3b12c
- SHA1
  
  04b79d32c81d20e79652c5e923473d9636fc497e
- SHA256
  
  4e5a2bf6d7df6bd71a1a779cc18f03470eb41b4801f854a0be447c70a5c05c3a
- SHA512
  
  0d076b253d37d270174f465aea930c2b76ea68b2eeb463a8775e795c0709a2aa6056493fa1951adc7c2692363073c22ac91566299e380753efed3188c5b07283
Score

1^/10
behavioral17 behavioral18
- Target
  
  OpenAcrylicHostsFile.bat
- Size
  
  63B
- MD5
  
  eae9e960f0321dc92b1ceabbfcbd2870
- SHA1
  
  90d13ec738de42ba9a68774fd72f9f3dc13b498f
- SHA256
  
  be0836499a5d92f76b367a41e3ac971330acb18313c76b4720a0f8480e4bee9a
- SHA512
  
  310afae95917ff939d9ac9561816564574e8c3adc2442ecbd3eb858aa05503b0df7d1d99cde9b7d2822277215d85a74e3e713dd47e852f2a92a0c3572ad55581
Score

1^/10
behavioral19 behavioral20
- Target
  
  PurgeAcrylicCacheData.bat
- Size
  
  46B
- MD5
  
  a69ff4c18363c9cd29f5c6e6aae04953
- SHA1
  
  a4e719ed79a0eddf0ce253d719a3a201bb0b0d7d
- SHA256
  
  9869b7ae68f2fc04d5582067726b0a8fd04817b8369eb2ee44821305c7e425bc
- SHA512
  
  2f69b6aed6c7f5d2b51dafd0c67eab7b7114954ee83d152b17c075636628ea028d4abc9d9343a1d67ccbf1a4a0a81c8e0d1407134fcb3c9073f8c893171d27c3
Score

1^/10
behavioral21 behavioral22
- Target
  
  RestartAcrylicService.bat
- Size
  
  46B
- MD5
  
  300f602a394389e7178676864139515c
- SHA1
  
  25dfcfcf3397dff382d89f495be1b49f721defe3
- SHA256
  
  a8a7d34fd97a2b9ec648f6628d57e34023c2e917d652bc6d67c0f56c9c1d182d
- SHA512
  
  a59ce41af8dfa50da37fe3e54d101b963a311423f21d82287192949ba0f3a62682e65d03edad4f2f42b0e759e1b30a4658c25e057721b8a05c926ee12b4228d7
Score

1^/10
behavioral23 behavioral24
- Target
  
  StartAcrylicService.bat
- Size
  
  44B
- MD5
  
  ce998977415ada2c93ca80b2ef8256c7
- SHA1
  
  0efe7f8748b78a1953d3395a695ed5a04897b8c3
- SHA256
  
  4115ca9a7138b33603cad95f8df319a856b15fe7126db6c834576ec02effcfd8
- SHA512
  
  2c4b588eb9aba5c7f81bb9be82295265af35223f45668c52b14530394652c403ac523df61f7e37064919449e0c830af6649b4b15655c9bd292a92ff55b1c31cd
Score

1^/10
behavioral25 behavioral26
- Target
  
  StopAcrylicService.bat
- Size
  
  43B
- MD5
  
  6b1b906aca3951f63f8e9d9f47750770
- SHA1
  
  d25a0a1f97afa95ca60510c8f669bbaf70a3d356
- SHA256
  
  7604d2ef40315a8f751602bff6d36e4c036857d24dffdea35cf8f38c9215c3cd
- SHA512
  
  7b7c3fe15f61304b3f03472d010329c4f8b2dbce0e6c8870954afe9e290f5aabd41b5f1ad88cbd0dbb960de70aefb77b77e707020e31690c355b60b72f5c5165
Score

1^/10
behavioral27 behavioral28
- Target
  
  Uninstall.exe
- Size
  
  72KB
- MD5
  
  ada07b70b8db564ea7b0a26d13fb4129
- SHA1
  
  9c81f0c84989f36d55d48e7d3b0393c2b21b2acf
- SHA256
  
  7e78d44648f3be061a984b5ba00b2a6b9172c070f03c823b852a67d78a880ee5
- SHA512
  
  61f56d6c6df7c309a0358e5a767ea730a9a75090a1246fb49d32b762aa4ce21401bd2e8be7f45d9e6c5a015561ef9b2f345af6db415d795e2708373012fc7edd
- SSDEEP
  
  1536:GErPZ3IBZcbTfu1HlrJFCPcbPnbgdLeAyNZNsO49on0csK:9PC23aJFC0bPnbceAyl/n0K
Score

7^/10
- Executes dropped EXE
- Loads dropped DLL
behavioral29 behavioral30
- Target
  
  $PLUGINSDIR/InstallOptions.dll
- Size
  
  15KB
- MD5
  
  89351a0a6a89519c86c5531e20dab9ea
- SHA1
  
  9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00
- SHA256
  
  f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277
- SHA512
  
  13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08
- SSDEEP
  
  384:/MnT0MKT/Xwr2izZQ86mpAT8F9lN8Ov0J:EQMKzwTFnVX8i0
Score

3^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Sets service image path in registry

Executes dropped EXE

Loads dropped DLL

Modifies file permissions

Sets service image path in registry

Modifies file permissions

Executes dropped EXE

Loads dropped DLL

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32