334ec9e7d937c42e8ef12f9d4ec90862ecc5410c06442393a38390b34886aa59 | Triage

Submit
Reports

Overview

overview

7

Static

static

1

AnyViewerSetup.exe

windows7-x64

4

AnyViewerSetup.exe

windows10-2004-x64

7

Sharing

General

Target

AnyViewerSetup.exe
Size

36.3MB
Sample

240630-v7mbbsvdjn
MD5

199f287b81b00d54ec6e12c313bbdc4e
SHA1

25ff04330d5a1fafae592f0d07e9e6ecfc61db60
SHA256

334ec9e7d937c42e8ef12f9d4ec90862ecc5410c06442393a38390b34886aa59
SHA512

1006d0c84c5f8bdcf50670958f24a7d0a3d0dff54d620d1dcc5d9e057269dbc506a7e622172ab673aed108b4e0ab0e7569fc89898e335c74d2c61ca6e354f16a
SSDEEP

786432:e0ea8KPO0BEreQ/dyD7VVZIXPMA/h9rWsyd6d0z1CojZSd23Y9z9o2VRrtp:ePKP3mJ/8D7hkj/b1ydFZjZS59BLpp

Score

7^/10

bootkit discovery persistence spyware stealer

Static task

static1

Behavioral task

behavioral1

Sample

AnyViewerSetup.exe

Resource

win7-20240611-en

windows7-x64

3 signatures

150 seconds

Behavioral task

behavioral2

Sample

AnyViewerSetup.exe

Resource

win10v2004-20240508-en

bootkit discovery persistence spyware stealer

windows10-2004-x64

19 signatures

150 seconds

Malware Config

Targets

- Target
  
  AnyViewerSetup.exe
- Size
  
  36.3MB
- MD5
  
  199f287b81b00d54ec6e12c313bbdc4e
- SHA1
  
  25ff04330d5a1fafae592f0d07e9e6ecfc61db60
- SHA256
  
  334ec9e7d937c42e8ef12f9d4ec90862ecc5410c06442393a38390b34886aa59
- SHA512
  
  1006d0c84c5f8bdcf50670958f24a7d0a3d0dff54d620d1dcc5d9e057269dbc506a7e622172ab673aed108b4e0ab0e7569fc89898e335c74d2c61ca6e354f16a
- SSDEEP
  
  786432:e0ea8KPO0BEreQ/dyD7VVZIXPMA/h9rWsyd6d0z1CojZSd23Y9z9o2VRrtp:ePKP3mJ/8D7hkj/b1ydFZjZS59BLpp
Score

7^/10

bootkit discovery persistence spyware stealer
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

behavioral2

bootkitdiscoverypersistencespywarestealer

© 2018-2024

Terms | Privacy