Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
General
-
Target
avg_secure_browser_setup.exe
-
Size
815KB
-
Sample
221023-k1fj4ahehj
-
MD5
a0ba2bd5a6c7ca976280ce1c5adc8e02
-
SHA1
5b348fe4c92c249274277307b7bcc867518e2fd9
-
SHA256
285f523bfc4d03efd65c514c6ffb9802afe2bebf55c7c4a5043c3cc6c1a6d012
-
SHA512
b2558496201c818e6a193092a1e67cc2e8a3964b4074e76471e6572ba5c6ae127675e9a4db9e2678ee63e8e0ffa31dc5a5681be11423bc2b7e4c75b087142b88
-
SSDEEP
24576:DfY/y/93nxvj+eT4mhiNqoxOUjfJ6sins:Deg3xvjfd1oxOUjfJb1
Malware Config
Targets
-
-
Target
avg_secure_browser_setup.exe
-
Size
815KB
-
MD5
a0ba2bd5a6c7ca976280ce1c5adc8e02
-
SHA1
5b348fe4c92c249274277307b7bcc867518e2fd9
-
SHA256
285f523bfc4d03efd65c514c6ffb9802afe2bebf55c7c4a5043c3cc6c1a6d012
-
SHA512
b2558496201c818e6a193092a1e67cc2e8a3964b4074e76471e6572ba5c6ae127675e9a4db9e2678ee63e8e0ffa31dc5a5681be11423bc2b7e4c75b087142b88
-
SSDEEP
24576:DfY/y/93nxvj+eT4mhiNqoxOUjfJ6sins:Deg3xvjfd1oxOUjfJb1
Score8/10-
Downloads MZ/PE file
-
Executes dropped EXE
-
Modifies Installed Components in the registry
-
Registers COM server for autorun
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-