Overview

overview

8

Static

static

1

avira_fr_a...dp.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    avira_fr_aps10_4064744797_x0k2hxoar3t4xoobqwfh_wdp.exe

  • Size

    6.2MB

  • Sample

    230322-mplyvaac3t

  • MD5

    127cd4a0396ecfbf0471a58a70e6d6e2

  • SHA1

    1bbd1ed6ef68a5ad51fcb5e14fb15c52a0f2978a

  • SHA256

    20409aec3518613040544af55698c4557c176266d9adb0a46c53b581fcfc5f6b

  • SHA512

    73c8f47208a21bddede88734d9a57653a254d57db50907e85ba1c3471d0647d67392b6661ceef661393d919916d2c8f6bb61d2f44a8349d9f8a7de724e9ecc3a

  • SSDEEP

    49152:7bs0R1yvaOQ/b5HEYhOXXpDYALLRENU9Qd+bukinQhJRHxjCOdJdKcKrgDQMHLZv:PYQ/bpECOXWU9w6ZiQFHEdXhSPX

Score
8/10
adwarediscoverypersistencestealer

Malware Config

Targets

    • Target

      avira_fr_aps10_4064744797_x0k2hxoar3t4xoobqwfh_wdp.exe

    • Size

      6.2MB

    • MD5

      127cd4a0396ecfbf0471a58a70e6d6e2

    • SHA1

      1bbd1ed6ef68a5ad51fcb5e14fb15c52a0f2978a

    • SHA256

      20409aec3518613040544af55698c4557c176266d9adb0a46c53b581fcfc5f6b

    • SHA512

      73c8f47208a21bddede88734d9a57653a254d57db50907e85ba1c3471d0647d67392b6661ceef661393d919916d2c8f6bb61d2f44a8349d9f8a7de724e9ecc3a

    • SSDEEP

      49152:7bs0R1yvaOQ/b5HEYhOXXpDYALLRENU9Qd+bukinQhJRHxjCOdJdKcKrgDQMHLZv:PYQ/bpECOXWU9w6ZiQFHEdXhSPX

    Score
    8/10
    adwarediscoverypersistencestealer

    • Creates new service(s)

      persistence

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Sets service image path in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Registers COM server for autorun

      persistence

    • Adds Run key to start application

      persistence

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Drops desktop.ini file(s)

    • Installs/modifies Browser Helper Object

      BHOs are DLL modules which act as plugins for Internet Explorer.

      stealeradware

    • Checks system information in the registry

      System information is often read in order to detect sandboxing environments.

    • Drops file in System32 directory

    behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

1
T1053

Persistence

New Service

1
T1050

Registry Run Keys / Startup Folder

5
T1060

Browser Extensions

1
T1176

Scheduled Task

1
T1053

Privilege Escalation

New Service

1
T1050

Scheduled Task

1
T1053

Defense Evasion

Modify Registry

8
T1112

Install Root Certificate

1
T1130

Credential Access

Discovery

Query Registry

4
T1012

System Information Discovery

4
T1082

Security Software Discovery

1
T1063

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks