1d3dd60c0bbd7c214146171304c811bb82eb044f97fdac6dc11af485221069d6 | Triage

Submit
Reports

Overview

overview

6

Static

static

1

avast_free...ne.exe

windows7-x64

6

avast_free...ne.exe

windows10-2004-x64

6

Sharing

General

Target

avast_free_antivirus_setup_online.exe
Size

257KB
Sample

240630-h91waayank
MD5

aa966bc6a746f2b7725b4cd5f90a42c5
SHA1

111fbd75da6137695e6935a41ca6ee4395fd8a3b
SHA256

1d3dd60c0bbd7c214146171304c811bb82eb044f97fdac6dc11af485221069d6
SHA512

8001d8ece5a0e5442a7826d6dd3dbc891ddd96015826b9b3bfb35a54a864153570c3775fa0f1d14a1799adc401eb1442a83bd3e6b5a7bf423714f425b953c383
SSDEEP

3072:42RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhh3n+Tt:40KgGwHqwOOELha+sm2D2+UhnguEC

Score

6^/10

bootkit persistence

Static task

static1

Behavioral task

behavioral1

Sample

avast_free_antivirus_setup_online.exe

Resource

win7-20240221-en

bootkit persistence

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

avast_free_antivirus_setup_online.exe

Resource

win10v2004-20240508-en

bootkit persistence

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  avast_free_antivirus_setup_online.exe
- Size
  
  257KB
- MD5
  
  aa966bc6a746f2b7725b4cd5f90a42c5
- SHA1
  
  111fbd75da6137695e6935a41ca6ee4395fd8a3b
- SHA256
  
  1d3dd60c0bbd7c214146171304c811bb82eb044f97fdac6dc11af485221069d6
- SHA512
  
  8001d8ece5a0e5442a7826d6dd3dbc891ddd96015826b9b3bfb35a54a864153570c3775fa0f1d14a1799adc401eb1442a83bd3e6b5a7bf423714f425b953c383
- SSDEEP
  
  3072:42RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhh3n+Tt:40KgGwHqwOOELha+sm2D2+UhnguEC
Score

6^/10

bootkit persistence
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Modify Registry

Credential Access

Discovery

Software Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

© 2018-2024

Terms | Privacy