Overview

Per-task scores shown in the report's task tabs (out of 10):
- Overview: 8
- Static: 3
- avg_secure...up.exe, windows7-x64: 8
- avg_secure...up.exe, windows10-2004-x64: 7
- $PLUGINSDI...ns.dll, windows7-x64: 3
- $PLUGINSDI...ns.dll, windows10-2004-x64: 3
- $PLUGINSDIR/Midex.dll, windows7-x64: 6
- $PLUGINSDIR/Midex.dll, windows10-2004-x64: 6
- $PLUGINSDIR/jsis.dll, windows7-x64: 3
- $PLUGINSDIR/jsis.dll, windows10-2004-x64: 3
- $PLUGINSDI...ON.dll, windows7-x64: 3
- $PLUGINSDI...ON.dll, windows10-2004-x64: 3
- $_106_.dll, windows7-x64: 1
- $_106_.dll, windows10-2004-x64: 1
General

Target: avg_secure_browser_setup.exe
Size: 5.8MB
Sample: 240629-p34f6a1bmr
MD5: 8b1c0a9afbb0ceb4f5d436683531878a
SHA1: 2d0d2e2146f18b00e92359f74d28fb596abff911
SHA256: 40206ba6df9459656cf0de49d1f2d4a640ac51e92f3da1e4388127071e747155
SHA512: 09c324af5d25d06cccd032d50e7771a23b412e9326ce9c3b8cca6eca70d893d710d113eee8c5aa8020a01f2c41f250e015f23fa8a48e3aaeb4200534e569c514
SSDEEP: 98304:9ALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDe:9AzPzgUZrt54Yj20Fk8oLEBSZRfUGT6D
Tasks

- static1: static task
- behavioral1: avg_secure_browser_setup.exe (win7-20240611-en)
- behavioral2: avg_secure_browser_setup.exe (win10v2004-20240508-en)
- behavioral3: $PLUGINSDIR/JsisPlugins.dll (win7-20240508-en)
- behavioral4: $PLUGINSDIR/JsisPlugins.dll (win10v2004-20240611-en)
- behavioral5: $PLUGINSDIR/Midex.dll (win7-20240221-en)
- behavioral6: $PLUGINSDIR/Midex.dll (win10v2004-20240611-en)
- behavioral7: $PLUGINSDIR/jsis.dll (win7-20240508-en)
- behavioral8: $PLUGINSDIR/jsis.dll (win10v2004-20240508-en)
- behavioral9: $PLUGINSDIR/nsJSON.dll (win7-20240508-en)
- behavioral10: $PLUGINSDIR/nsJSON.dll (win10v2004-20240508-en)
- behavioral11: $_106_.dll (win7-20240611-en)
- behavioral12: $_106_.dll (win10v2004-20240611-en)
Malware Config
Targets
Target: avg_secure_browser_setup.exe
Size: 5.8MB
MD5: 8b1c0a9afbb0ceb4f5d436683531878a
SHA1: 2d0d2e2146f18b00e92359f74d28fb596abff911
SHA256: 40206ba6df9459656cf0de49d1f2d4a640ac51e92f3da1e4388127071e747155
SHA512: 09c324af5d25d06cccd032d50e7771a23b412e9326ce9c3b8cca6eca70d893d710d113eee8c5aa8020a01f2c41f250e015f23fa8a48e3aaeb4200534e569c514
SSDEEP: 98304:9ALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDe:9AzPzgUZrt54Yj20Fk8oLEBSZRfUGT6D

Signatures:
- Boot or Logon Autostart Execution: Active Setup. Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
- Checks computer location settings. Looks up the country code configured in the registry, likely a geofence.
- Event Triggered Execution: Component Object Model Hijacking. Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks for any installed AV software in registry
- Checks installed software on the system. Looks up Uninstall key entries in the registry to enumerate software on the system.
- Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.
- Checks system information in the registry. System information is often read in order to detect sandboxing environments.

The $PLUGINSDIR/ paths and nsJSON.dll are the plugin staging layout of an NSIS installer, and a Run key, an Active Setup entry, Uninstall-key enumeration and dropped EXE/DLL execution are also normal installer behaviour; the MBR signature fires on the Midex.dll plugin below as well. Each signature is a heuristic match on API events, so confirm a hit against the underlying registry and file events (which key, which value, write or read) before treating it as a verdict.
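The signature names above are one-line summaries of registry and raw-disk heuristics. As an added example that is not part of this report and not the sandbox's own code, the following Python script shows how such heuristics can be written as rules over an event trace and mapped to the ATT&CK techniques the matrix at the end of this report lists. The event format, the sample trace, and every GUID, path and file name in it are constructed; the registry locations the rules match are the standard Windows locations for each technique, and that the sandbox checks exactly these is an assumption. The "Checks for any installed AV software", "Downloads MZ/PE file", "Executes dropped EXE" and "Loads dropped DLL" signatures are not modelled.

```python
"""Toy rule engine for sandbox-style registry/disk signatures.
Added example: not the report's or the sandbox's own code. All events are constructed."""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One recorded API event: op is the event class, path the key/value or file."""
    op: str          # RegSetValue | RegOpenKey | RegQueryValue | FileRead | FileWrite
    path: str
    value: str = ""  # data written, when there is any


# (signature name as printed in the report, ATT&CK technique ID, event ops, path regex)
# Key paths are the standard Windows locations for each technique; that the sandbox's
# signatures look at exactly these locations is an assumption of this example.
RULES = [
    ("Adds Run key to start application", "T1547.001", {"RegSetValue"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\"),
    ("Boot or Logon Autostart Execution: Active Setup", "T1547.014", {"RegSetValue"},
     r"\\Microsoft\\Active Setup\\Installed Components\\"),
    ("Event Triggered Execution: Image File Execution Options Injection", "T1546.012",
     {"RegSetValue"},
     r"\\Windows NT\\CurrentVersion\\Image File Execution Options\\[^\\]+\\Debugger$"),
    ("Event Triggered Execution: Component Object Model Hijacking", "T1546.015",
     {"RegSetValue"},   # per-user CLSID server that shadows the machine-wide registration
     r"^HKCU\\Software\\Classes\\CLSID\\\{[0-9A-Fa-f-]{36}\}\\(InprocServer32|LocalServer32)"),
    ("Checks computer location settings", "T1614", {"RegQueryValue"},
     r"\\Control Panel\\International\\Geo\\Nation$"),
    ("Checks installed software on the system", "T1518", {"RegOpenKey", "RegQueryValue"},
     r"\\Microsoft\\Windows\\CurrentVersion\\Uninstall\\"),
    ("Checks system information in the registry", "T1082", {"RegQueryValue"},
     r"\\HARDWARE\\DESCRIPTION\\System\\(SystemBiosVersion|VideoBiosVersion|SystemManufacturer)$"),
    ("Writes to the Master Boot Record (MBR)", "T1542.003", {"FileWrite"},
     r"^\\\\\.\\PhysicalDrive\d+$"),   # raw write to the disk device; a read does not count
]
COMPILED = [(name, tid, ops, re.compile(rx, re.IGNORECASE)) for name, tid, ops, rx in RULES]


def classify(events):
    """Return {signature name: [matched paths]} for every rule at least one event trips."""
    hits = defaultdict(list)
    for ev in events:
        for name, _tid, ops, rx in COMPILED:
            if ev.op in ops and rx.search(ev.path):
                hits[name].append(ev.path)
    return dict(hits)


def techniques(hits):
    """Sorted ATT&CK technique IDs for the signatures in a classify() result."""
    by_name = {name: tid for name, tid, _ops, _rx in COMPILED}
    return sorted({by_name[name] for name in hits})


# Constructed event trace: every path, GUID and file name below is made up.
SAMPLE_EVENTS = [
    Event("RegSetValue", r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ExampleUpdater",
          r"C:\Users\user\AppData\Local\Example\updater.exe"),
    Event("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components"
          r"\{11111111-2222-3333-4444-555555555555}\StubPath", r"C:\Example\setup.exe /user"),
    Event("RegSetValue", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
          r"\Image File Execution Options\example.exe\Debugger", r"C:\Example\shim.exe"),
    Event("RegSetValue", r"HKCU\Software\Classes\CLSID\{AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE}"
          r"\InprocServer32\(Default)", r"C:\Users\user\AppData\Local\Temp\hijack.dll"),
    Event("RegQueryValue", r"HKCU\Control Panel\International\Geo\Nation"),
    Event("RegOpenKey", r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Example Browser"),
    Event("RegQueryValue", r"HKLM\HARDWARE\DESCRIPTION\System\SystemBiosVersion"),
    Event("FileRead", r"\\.\PhysicalDrive0"),    # reading sector 0 alone does not trip the MBR rule
    Event("FileWrite", r"\\.\PhysicalDrive0"),   # writing to the raw device does
    Event("RegSetValue", r"HKCU\Software\Example\Settings\Theme", "dark"),  # benign, no rule
]


if __name__ == "__main__":
    found = classify(SAMPLE_EVENTS)
    for name, paths in found.items():
        print(f"[{name}]")
        for p in paths:
            print(f"    {p}")
    print("ATT&CK:", ", ".join(techniques(found)))
```

The trace deliberately contains both a read and a write of \\.\PhysicalDrive0: only the write trips the MBR rule, which is exactly the distinction to check in the raw events when this signature fires on an installer plugin. The benign Theme write shows that a registry write outside the known persistence locations produces no hit.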
Target: $PLUGINSDIR/JsisPlugins.dll
Size: 2.1MB
MD5: d21ae3f86fc69c1580175b7177484fa7
SHA1: 2ed2c1f5c92ff6daa5ea785a44a6085a105ae822
SHA256: a6241f168cacb431bfcd4345dd77f87b378dd861b5d440ae8d3ffd17b9ceb450
SHA512: eda08b6ebdb3f0a3b6b43ef755fc275396a8459b8fc8a41eff55473562c394d015e5fe573b3b134eeed72edff2b0f21a3b9ee69a4541fd9738e880b71730303f
SSDEEP: 49152:rWUF3+DvlxaVlUj2UxF9TWkWbQWxACvRG+OZ1m/I31he2UaIyuK:rtF3+DLaVlUFWkWbQWx1JtOLm/IgaI
Score: 3/10
Signatures: none listed

Target: $PLUGINSDIR/Midex.dll
Size: 126KB
MD5: 2597a829e06eb9616af49fcd8052b8bd
SHA1: 871801aba3a75f95b10701f31303de705cb0bc5a
SHA256: 7359ca1befdb83d480fc1149ac0e8e90354b5224db7420b14b2d96d87cd20a87
SHA512: 8e5552b2f6e1c531aaa9fd507aa53c6e3d2f1dd63fe19e6350c5b6fbb009c99d353bb064a9eba4c31af6a020b31c0cd519326d32db4c8b651b83952e265ffb35
SSDEEP: 3072:sACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGk:sACUTz1JlopG5K4OZgeC
Score: 6/10
Signatures:
- Writes to the Master Boot Record (MBR). Bootkits write to the MBR to gain persistence at a level below the operating system.

Target: $PLUGINSDIR/jsis.dll
Size: 127KB
MD5: 2027121c3cdeb1a1f8a5f539d1fe2e28
SHA1: bcf79f49f8fc4c6049f33748ded21ec3471002c2
SHA256: 1dae8b6de29f2cfc0745d9f2a245b9ecb77f2b272a5b43de1ba5971c43bf73a1
SHA512: 5b0d9966ecc08bcc2c127b2bd916617b8de2dcbdc28aff7b4b8449a244983bfbe33c56f5c4a53b7cf21faf1dbab4bb845a5894492e7e10f3f517071f7a59727c
SSDEEP: 3072:d3Zk9fOAewM0+W8NVH28fB948igEWo8P+fidax:d3qNOApM1G8fBpidWZ2
Score: 3/10
Signatures: none listed

Target: $PLUGINSDIR/nsJSON.dll
Size: 36KB
MD5: f840a9ddd319ee8c3da5190257abde5b
SHA1: 3e868939239a5c6ef9acae10e1af721e4f99f24b
SHA256: ddb6c9f8de72ddd589f009e732040250b2124bca6195aa147aa7aac43fc2c73a
SHA512: 8e12391027af928e4f7dad1ec4ab83e8359b19a7eb0be0372d051dfd2dd643dc0dfa086bd345760a496e5630c17f53db22f6008ae665033b766cbfcdd930881a
SSDEEP: 768:91vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpjYiidWAMxkE6:91bYPHqu7EUhL27bTj7LxO
Score: 3/10
Signatures: none listed

Target: $_106_
Size: 6.4MB
MD5: f40c5626532c77b9b4a6bb384db48bbe
SHA1: d3124b356f6495288fc7ff1785b1932636ba92d3
SHA256: e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f
SHA512: 8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056
SSDEEP: 98304:aTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLtwFkVg:aTvkTLVTAudcoJheBnknfFrqNXleb
Score: 1/10
Signatures: none listed
MITRE ATT&CK Matrix (ATT&CK v13)

Counts in parentheses are the report's own per-technique counts.

Persistence
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Active Setup (1)
- Event Triggered Execution (2)
  - Image File Execution Options Injection (1)
  - Component Object Model Hijacking (1)
- Pre-OS Boot (2)
  - Bootkit (2)

Privilege Escalation
- Boot or Logon Autostart Execution (2)
  - Registry Run Keys / Startup Folder (1)
  - Active Setup (1)
- Event Triggered Execution (2)
  - Image File Execution Options Injection (1)
  - Component Object Model Hijacking (1)

Defense Evasion
- Modify Registry (4)
- Pre-OS Boot (2)
  - Bootkit (2)
- Subvert Trust Controls (1)
  - Install Root Certificate (1)