fb91b2fcd4328cb17fd8a00897cf9291736a85af6c54326539b851381463256d

Sharing

Copy URL

Twitter E-mail

General

Target

AutokromaAfterCodecsv1.10.15.x64.k.taiwebs.com.zip
Size

28.0MB
Sample

240818-akyqmavdje
MD5

37becbc0cda88860ded5403e1a790037
SHA1

6ccbeb2343f9b0b4e3f2714b86a5a8435511842d
SHA256

fb91b2fcd4328cb17fd8a00897cf9291736a85af6c54326539b851381463256d
SHA512

5aa1d37d399de44a9f024e753ea0df9e816057d12fdaa9c2c499bf161c958964f148c23ceab61c0fe7275503ceb0485241c4a0ae8fdfe5f3215ccb1591007673
SSDEEP

393216:q0ryi3njJxIPWCsXKNVzd+S3zzMWts8HXUfLGzQSKczMVwD6fca7kU2cl:q0jIsXKNVzJHMWVkfCRz5efcLE

Score

7^/10

Malware Config

Targets

- Target
  
  Autokroma AfterCodecs v1.10.15 (x64)/AfterCodecs v1.10.15 Installer.exe
- Size
  
  10.9MB
- MD5
  
  fa08e197c6b5f3d6430777221badf9cb
- SHA1
  
  9b52b08c05be79cf25287fdb41f6e76e8555dcee
- SHA256
  
  e64295937f3b5c1103d03af552b86e7f110811108782fbcbfc98c1b451d45b1e
- SHA512
  
  b13c9172ca978248954fea817897e13f7c23f9aebb10ea62849b737bf5ef623ae445f0e9ee1a6e7d44824e0486b1c53bff8fe75c38a13e4a5257bfb23db8e0fc
- SSDEEP
  
  196608:VFCNROk236ObRaJE6P2IVsntAZlH/5ytXzRdn8djC9OnhOWKeRR4NN5Ugoqo94rA:VF6ER3LMJEVsJ/st0j5cWKeRUN5/o9wA
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  11KB
- MD5
  
  fbe295e5a1acfbd0a6271898f885fe6a
- SHA1
  
  d6d205922e61635472efb13c2bb92c9ac6cb96da
- SHA256
  
  a1390a78533c47e55cc364e97af431117126d04a7faed49390210ea3e89dd0e1
- SHA512
  
  2cb596971e504eaf1ce8e3f09719ebfb3f6234cea5ca7b0d33ec7500832ff4b97ec2bbe15a1fbf7e6a5b02c59db824092b9562cd8991f4d027feab6fd3177b06
- SSDEEP
  
  192:yPtkiQJr7V9r3Ftr87NfwXQ6whlgi62V7i77blbTc4DI:N7Vxr8IgLgi3sVc4
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/nsDialogs.dll
- Size
  
  9KB
- MD5
  
  ab101f38562c8545a641e95172c354b4
- SHA1
  
  ec47ac5449f6ee4b14f6dd7ddde841a3e723e567
- SHA256
  
  3cdf3e24c87666ed5c582b8b028c01ee6ac16d5a9b8d8d684ae67605376786ea
- SHA512
  
  72d4b6dc439f40b7d68b03353a748fc3ad7ed10b0401741c5030705d9b1adef856406075e9ce4f1a08e4345a16e1c759f636c38ad92a57ef369867a9533b7037
- SSDEEP
  
  96:o3W4JlD3c151V1gQoE8cxM2DjDf3GEst+Nt+jvcx4K8qndYv0PLE:o3p3ggQF8REskpxZdO0PLE
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/nsResize.dll
- Size
  
  4KB
- MD5
  
  aa849e7407cf349021812f62c001e097
- SHA1
  
  4cbb55b1d1dd95dcb7a36b5a44121ad4934539af
- SHA256
  
  29b0e5792679756a79d501e3a9b317971b08e876fac1c2476180d0ae83b77ba5
- SHA512
  
  4556baa49e8182d72e29e8d809635312142eb127039f5803ca0bf011b4359f0b584a670a3bd26a9969165a332cfa14a39abeaeae0b4d90519f91fdea755c54de
- SSDEEP
  
  96:Grb+u7Dk2IFEZsO22AxqX4PJ7G17JAgX0:yb+u7Y2IFEKOHA0X8i1NAI
Score

7^/10

discovery upx
- ACProtect 1.3x - 1.4x DLL software
  Detects file using ACProtect software.
- UPX packed file
  Detects executables packed with UPX/modified UPX open source packer.
  upx
behavioral7 behavioral8
- Target
  
  $PROGRAMFILES/Common Files/Adobe/CEP/extensions/com.autokroma.afcpanel/index.html
- Size
  
  3KB
- MD5
  
  d9603da172bf35a37da65081cd216d07
- SHA1
  
  e9bc1bbbf59e541f46f722df4fd39387838dc804
- SHA256
  
  418750a2f717a0eba68d0228e3799af96c7683d607fac2a0fcd8e1a6341f4afa
- SHA512
  
  391c7051c3bccff8e54f8a54c281472b0fb9d89ad78759d848ce276aab22d60d17dd915211b0191a142b38419cda08d81bafe91f25679b415d50a89778db09bd
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  $PROGRAMFILES/Common Files/Adobe/CEP/extensions/com.autokroma.afcpanel/js/themeManager.js
- Size
  
  42KB
- MD5
  
  e792df4370cc84b2bf1d95b78a10dddc
- SHA1
  
  ab5d06c3666ea5884f3dac6c494efb7aaaabfa5c
- SHA256
  
  6c8470d3d9262decbb4962be66314f6b25efb0b13b3ffaaff2018b5c002e1917
- SHA512
  
  a1ce31232ee5d76d0dfc341af7be3b96e921e01361a10c0dd7c0d22993a6737a5f9d44aeccde83846a40a96c927c44dead36d2805ccac97f40a312009bd70bed
- SSDEEP
  
  768:rDWpR4ZqDwLwI0cySqgOt9Mhokc4Izjjio9/e9mHMWGDK5C8TtuDdYT0dSoOyj7Q:nWpOZqDwLwI0cROt9Miz5U8v9wBs
Score

3^/10

execution
behavioral11 behavioral12
- Target
  
  $PROGRAMFILES/Common Files/Adobe/CEP/extensions/com.autokroma.afcpanel/jsx/extendScript.jsx
- Size
  
  15KB
- MD5
  
  ef8758e14a91e34632d4fb36f6b819fb
- SHA1
  
  369225928453d3a1b58c03d2d7fccd47e0215851
- SHA256
  
  4c5a6ec719e1081a33e52941ecf00c11be6ab3dac803daf8ad20669f87f652d9
- SHA512
  
  6332dfa384bc6a9476e28505b8ec193d667040dfa00cdcbd50df629cf7b71b5430b96ffcbfdf67377bfc21e4146499b2a1492343cea0ed0b320b62595700ecbe
- SSDEEP
  
  384:ydyQHZMHpkb92BNzQSu++4Xd8kuOyS4kkTTmIlndAlwRiighLutV36LfYdsYTOuU:eEpS92jzQj+fQjJEvOFtl3a+Z8
Score

3^/10

execution
behavioral13 behavioral14
- Target
  
  $PROGRAMFILES/Common Files/Adobe/CEP/extensions/com.autokroma.afcpanel/lib/CSInterface.js
- Size
  
  40KB
- MD5
  
  6ca75532241428e92d70ed98347722b8
- SHA1
  
  ab3023f3ff9959f791082da001eb2b784293671f
- SHA256
  
  d6403403d35ceb61ddc7480054c615481ad06e5bcbac1bab049404c157a13b8d
- SHA512
  
  62d3ce9b6a5bf70f4f3025001e824bebdd20066fa8b2fa32653fb787699e80319d4fc33a4b70bc8067c0ecb879a550643079f246fa58a6f032d238bb2bf5b164
- SSDEEP
  
  768:NZhx9wqhOldO4KZ/EBhujHMwCfkR2cW0ScadI9yL:GqhGqcBQjHMjkgT0SZdp
Score

3^/10

execution
behavioral15 behavioral16
- Target
  
  $TEMP/dll_not_found_error_means_you_need_to_install_vcredist.exe
- Size
  
  12KB
- MD5
  
  d6d46dd60d68e087e80061d2818fae32
- SHA1
  
  23cb0109c3f623c1dc5b8d61edeae632b1d28259
- SHA256
  
  4da333a1b4d049d7bec66fb562ba09f2963588ef189e12bc171a8ec754dd2946
- SHA512
  
  b7801f2c6bcd093b87263c56ccfab240b96eb45046f199b89522841fd705ab30c5656d99c1a6ee7b838406a63c40f395666774cbf6b65d8e5b35bc42171ef514
- SSDEEP
  
  192:HkeTx/RCE6ZymKiOerKnnnOErkPaAws681vW5tfBDS0j:HkeTx/EE6ZlOKKnnE70
Score

1^/10
behavioral17 behavioral18
- Target
  
  C:/Program Files/Adobe/Common/Plug-ins/7.0/MediaCore/Autokroma AfterCodecs/AfterCodecs.exe
- Size
  
  7.8MB
- MD5
  
  dedaddfd627567ae8754f66907c0a8f2
- SHA1
  
  5cfd7eea8d1eebf5a53bd10e2cd9588778a73d2c
- SHA256
  
  fc08c275aebd0233265e0503eddf3833e7a6be90b083613ada4d925760ff31b2
- SHA512
  
  65266b2cdca33c2d887faaa39e8b9e0d15f79ae81f7ae85c7687d4b1e3195a6e7d9e4c1edcbb88f6c917685563207d80e06eff62f95b351f8c0a735533e45f6a
- SSDEEP
  
  98304:KCOCzW5wrM0Ek/8YjURuucM4jjitIV5hwZqXA+:KCO4WarM5C8YwR7cM43itK7wZqw+
Score

1^/10
behavioral19 behavioral20
- Target
  
  C:/Program Files/Adobe/Common/Plug-ins/7.0/MediaCore/Autokroma AfterCodecs/AfterCodecsAE.aex
- Size
  
  7.0MB
- MD5
  
  bf1df8bb0711731fa01b7a314f3c2f8f
- SHA1
  
  210ac4124ab8cf6fec848465e120e51700399dcb
- SHA256
  
  08892cb4a5393b99f572ba4fd85f962640e245081bd3d586b8e81d7384a509bf
- SHA512
  
  e80c438055cf3e5a6762b928caf958a47ca4935e14835ce54f6d8055e14eb5344fc31b45b082c2ff48bf7104fc71562370141ce32d1bf031159a988342bd0965
- SSDEEP
  
  98304:PQ/yJRo2ZrxkWraufPTNx9tynQ6YPoKy7+jm1v:PQ/yJRomrKi3fPb9td6Yjkv
Score

1^/10
behavioral21 behavioral22
- Target
  
  C:/Program Files/Adobe/Common/Plug-ins/7.0/MediaCore/Autokroma AfterCodecs/AfterCodecsPPME.prm
- Size
  
  7.0MB
- MD5
  
  1a7c4ee3e184168a3733a83b1b1b6f0d
- SHA1
  
  7714249c429129306611511367770c3ad89453fd
- SHA256
  
  983b48ed4fdaf328abbe0105eb7a86cb1c6dc6777d151a1f6f403db6d64cf17c
- SHA512
  
  74b900c4c356eefca54af0e4a986c4de522a4ba9cf212d7cee038bfbd8e87d50559eacf4b24e4984d38d51e508cc0948df40e4bf34eaa4e9918fb58ae09eb1f2
- SSDEEP
  
  98304:fMRIwpcNZZPiW/q8x5gaL22tct9o8lpDlwOnpB:fMRIwpcNZdfL5gaL7KthD
Score

1^/10
behavioral23 behavioral24
- Target
  
  C:/Program Files/Adobe/Common/Plug-ins/7.0/MediaCore/Autokroma AfterCodecs/ffkroma.exe
- Size
  
  31.8MB
- MD5
  
  89b20fc03a0a629925f12d351d716df4
- SHA1
  
  d420ca7e1468a208d024bc04e67c19593b63cc58
- SHA256
  
  709fb9b9e6c258e8b39f091aa02bd3c3487ca52ba3fc2bb4eb7ac9bf3ea70fc1
- SHA512
  
  8250c6cd14c78ef99d483a5a4a2a5ca2a746ba433c2e925b7f12340dd956e95aaab111fa7bbd0a3f874b822d1350f99aaed6ebbe9292a97f690a196726f53fa2
- SSDEEP
  
  786432:3e/ZGKZG5ZG5ZGdaHTaHhaHWaHIAp8JVzKPpDsxY+PBNIGL0Lu8K:yX0
Score

1^/10
behavioral25 behavioral26
- Target
  
  Autokroma AfterCodecs v1.10.15 (x64)/Autokroma AfterCodecs/AfterCodecs.exe
- Size
  
  7.8MB
- MD5
  
  15483b316a309d5f7f98e3ccf54d6a02
- SHA1
  
  dcb495689af8cab4ab8a68a24b133e79e384ad6b
- SHA256
  
  39d29b74801a5c4de9ad9321155f52a0b6c21b6789ee8384276f89fb6c2d4b57
- SHA512
  
  e392f5286864b53fe58acefcd7443c5184414027a5e116c8f8795925eba068767821493f0995e8ec45da14c774a558907047d5ac03d787ebcb45de85fcb28843
- SSDEEP
  
  98304:KCOCzW5wrM0Ek/8YjURuucM4jjFtIV5hmZqXA+:KCO4WarM5C8YwR7cM43FtK7mZqw+
Score

6^/10

discovery evasion trojan
- Checks whether UAC is enabled
  evasion trojan
behavioral27 behavioral28
- Target
  
  Autokroma AfterCodecs v1.10.15 (x64)/Autokroma AfterCodecs/AfterCodecsAE.aex
- Size
  
  7.0MB
- MD5
  
  f75469e4d05d535b8946a28af1161aee
- SHA1
  
  fd72056f8cd3435840453c0f3b2264337e5ceb5a
- SHA256
  
  d15914953f012cfc0bdc5e4cbde95527f7f841128c22ee1a4b89048f9854390d
- SHA512
  
  e4ea92197d702bf95d4c17e61b1d253bb21b63a75e611a52cd34cf7ee70aa3148267acdb968434eed2cc854737969d0d35f92dfa991027fcf8396127f1c99f4a
- SSDEEP
  
  98304:PQ/yJRo2ZrxkWraufPTNx6tynQ6YFoKy7+jm1v:PQ/yJRomrKi3fPb6td6YRkv
Score

1^/10
behavioral29 behavioral30
- Target
  
  Autokroma AfterCodecs v1.10.15 (x64)/Autokroma AfterCodecs/AfterCodecsPPME.prm
- Size
  
  7.0MB
- MD5
  
  447b5d1d4d4de00e0a6f57a334c8e17b
- SHA1
  
  e965b08c71fca1f5bab3b054f66a391b4602332a
- SHA256
  
  c0f536c96e0b71e5a4195cf459253110ba19e4ffe539e80d5ad06ecdbc0e1dfe
- SHA512
  
  9e318457844f8df767dd872d676e0adb64dcdd36640120c26e285194eb25fafb886bca95b7285a0eea6938a1f6ea1f47b00a27c4564f2b4c414829659d745e08
- SSDEEP
  
  98304:fMRIwpcNZZPiW/q8x5gaL22Ict9o8lpD3wOnpB:fMRIwpcNZdfL5gaL7Jth5
Score

1^/10
behavioral31 behavioral32

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

ACProtect 1.3x - 1.4x DLL software

UPX packed file

ACProtect 1.3x - 1.4x DLL software

UPX packed file

Checks whether UAC is enabled

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32