Overview

overview

8

Static

static

1

avast_free...ne.exe

windows7-x64

8

avast_free...ne.exe

windows10-2004-x64

8

Sharing

Copy URL
Twitter E-mail

General

  • Target

    avast_free_antivirus_setup_online.exe

  • Size

    256KB

  • Sample

    230328-apr4msga49

  • MD5

    b401846f55c369a0858587bb3c230223

  • SHA1

    bacaf9d0e566e1fc27b456266a367c0085c61e8d

  • SHA256

    29a4c2e2f7e084c3767a7aaff2a79d9406557bef698d70130cdab4049010f156

  • SHA512

    09e37dabd2e8efecb9ed2dd153fee808d2c318ff46eb0e0b33a5b994259c1db141fa3214beda43a38dc50687c2b4b7d083e9cbe6dd5422638ae9722d5520cffe

  • SSDEEP

    6144:TCfHrZae3GFqRQcMeh4WpywpjchNCPnRebcY:TCfLZadcM24fRNOeJ

Score
8/10
bootkitpersistence

Malware Config

Targets

    • Target

      avast_free_antivirus_setup_online.exe

    • Size

      256KB

    • MD5

      b401846f55c369a0858587bb3c230223

    • SHA1

      bacaf9d0e566e1fc27b456266a367c0085c61e8d

    • SHA256

      29a4c2e2f7e084c3767a7aaff2a79d9406557bef698d70130cdab4049010f156

    • SHA512

      09e37dabd2e8efecb9ed2dd153fee808d2c318ff46eb0e0b33a5b994259c1db141fa3214beda43a38dc50687c2b4b7d083e9cbe6dd5422638ae9722d5520cffe

    • SSDEEP

      6144:TCfHrZae3GFqRQcMeh4WpywpjchNCPnRebcY:TCfLZadcM24fRNOeJ

    Score
    8/10
    bootkitpersistence

    • Downloads MZ/PE file

    • Executes dropped EXE

    • Loads dropped DLL

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

1
T1067

Privilege Escalation

Defense Evasion

Install Root Certificate

1
T1130

Modify Registry

1
T1112

Credential Access

Discovery

Security Software Discovery

1
T1063

Query Registry

1
T1012

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks