40206ba6df9459656cf0de49d1f2d4a640ac51e92f3da1e4388127071e747155

Sharing

Copy URL

Twitter E-mail

General

Target

avg_secure_browser_setup.exe
Size

5.8MB
Sample

240629-p34f6a1bmr
MD5

8b1c0a9afbb0ceb4f5d436683531878a
SHA1

2d0d2e2146f18b00e92359f74d28fb596abff911
SHA256

40206ba6df9459656cf0de49d1f2d4a640ac51e92f3da1e4388127071e747155
SHA512

09c324af5d25d06cccd032d50e7771a23b412e9326ce9c3b8cca6eca70d893d710d113eee8c5aa8020a01f2c41f250e015f23fa8a48e3aaeb4200534e569c514
SSDEEP

98304:9ALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDe:9AzPzgUZrt54Yj20Fk8oLEBSZRfUGT6D

Score

8^/10

Malware Config

Targets

- Target
  
  avg_secure_browser_setup.exe
- Size
  
  5.8MB
- MD5
  
  8b1c0a9afbb0ceb4f5d436683531878a
- SHA1
  
  2d0d2e2146f18b00e92359f74d28fb596abff911
- SHA256
  
  40206ba6df9459656cf0de49d1f2d4a640ac51e92f3da1e4388127071e747155
- SHA512
  
  09c324af5d25d06cccd032d50e7771a23b412e9326ce9c3b8cca6eca70d893d710d113eee8c5aa8020a01f2c41f250e015f23fa8a48e3aaeb4200534e569c514
- SSDEEP
  
  98304:9ALz1JdBgUZrjJeVcqdYwyQ50Fk8ou3xUEBS9/RZJUGXjZvYHiUYDe:9AzPzgUZrt54Yj20Fk8oLEBSZRfUGT6D
Score

8^/10

bootkit discovery evasion persistence privilege_escalation spyware stealer trojan
- Boot or Logon Autostart Execution: Active Setup
  Adversaries may achieve persistence by adding a Registry key to the Active Setup of the local machine.
  persistence
- Downloads MZ/PE file
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Event Triggered Execution: Component Object Model Hijacking
  Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
  persistence privilege_escalation
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Adds Run key to start application
  persistence
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks system information in the registry
  System information is often read in order to detect sandboxing environments.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/JsisPlugins.dll
- Size
  
  2.1MB
- MD5
  
  d21ae3f86fc69c1580175b7177484fa7
- SHA1
  
  2ed2c1f5c92ff6daa5ea785a44a6085a105ae822
- SHA256
  
  a6241f168cacb431bfcd4345dd77f87b378dd861b5d440ae8d3ffd17b9ceb450
- SHA512
  
  eda08b6ebdb3f0a3b6b43ef755fc275396a8459b8fc8a41eff55473562c394d015e5fe573b3b134eeed72edff2b0f21a3b9ee69a4541fd9738e880b71730303f
- SSDEEP
  
  49152:rWUF3+DvlxaVlUj2UxF9TWkWbQWxACvRG+OZ1m/I31he2UaIyuK:rtF3+DLaVlUFWkWbQWx1JtOLm/IgaI
Score

3^/10
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/Midex.dll
- Size
  
  126KB
- MD5
  
  2597a829e06eb9616af49fcd8052b8bd
- SHA1
  
  871801aba3a75f95b10701f31303de705cb0bc5a
- SHA256
  
  7359ca1befdb83d480fc1149ac0e8e90354b5224db7420b14b2d96d87cd20a87
- SHA512
  
  8e5552b2f6e1c531aaa9fd507aa53c6e3d2f1dd63fe19e6350c5b6fbb009c99d353bb064a9eba4c31af6a020b31c0cd519326d32db4c8b651b83952e265ffb35
- SSDEEP
  
  3072:sACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGk:sACUTz1JlopG5K4OZgeC
Score

6^/10

bootkit persistence
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/jsis.dll
- Size
  
  127KB
- MD5
  
  2027121c3cdeb1a1f8a5f539d1fe2e28
- SHA1
  
  bcf79f49f8fc4c6049f33748ded21ec3471002c2
- SHA256
  
  1dae8b6de29f2cfc0745d9f2a245b9ecb77f2b272a5b43de1ba5971c43bf73a1
- SHA512
  
  5b0d9966ecc08bcc2c127b2bd916617b8de2dcbdc28aff7b4b8449a244983bfbe33c56f5c4a53b7cf21faf1dbab4bb845a5894492e7e10f3f517071f7a59727c
- SSDEEP
  
  3072:d3Zk9fOAewM0+W8NVH28fB948igEWo8P+fidax:d3qNOApM1G8fBpidWZ2
Score

3^/10
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/nsJSON.dll
- Size
  
  36KB
- MD5
  
  f840a9ddd319ee8c3da5190257abde5b
- SHA1
  
  3e868939239a5c6ef9acae10e1af721e4f99f24b
- SHA256
  
  ddb6c9f8de72ddd589f009e732040250b2124bca6195aa147aa7aac43fc2c73a
- SHA512
  
  8e12391027af928e4f7dad1ec4ab83e8359b19a7eb0be0372d051dfd2dd643dc0dfa086bd345760a496e5630c17f53db22f6008ae665033b766cbfcdd930881a
- SSDEEP
  
  768:91vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpjYiidWAMxkE6:91bYPHqu7EUhL27bTj7LxO
Score

3^/10
behavioral10 behavioral9
- Target
  
  $_106_
- Size
  
  6.4MB
- MD5
  
  f40c5626532c77b9b4a6bb384db48bbe
- SHA1
  
  d3124b356f6495288fc7ff1785b1932636ba92d3
- SHA256
  
  e6d594047deecb0f3d49898475084d286072b6e3e4a30eb9d0d03e9b3228d60f
- SHA512
  
  8eabf1f5f6561a587026a30258c959a6b3aa4fa2a2d5a993fcd7069bff21b1c25a648feea0ac5896adcf57414308644ac48a4ff4bdc3a5d6e6b91bc735dc1056
- SSDEEP
  
  98304:aTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLtwFkVg:aTvkTLVTAudcoJheBnknfFrqNXleb
Score

1^/10
behavioral11 behavioral12