Triage | Malware sandboxing report by Hatching Triage

Sharing

General

Target

avast_free_antivirus_setup_online.exe
Size

256KB
Sample

230328-apr4msga49
MD5

b401846f55c369a0858587bb3c230223
SHA1

bacaf9d0e566e1fc27b456266a367c0085c61e8d
SHA256

29a4c2e2f7e084c3767a7aaff2a79d9406557bef698d70130cdab4049010f156
SHA512

09e37dabd2e8efecb9ed2dd153fee808d2c318ff46eb0e0b33a5b994259c1db141fa3214beda43a38dc50687c2b4b7d083e9cbe6dd5422638ae9722d5520cffe
SSDEEP

6144:TCfHrZae3GFqRQcMeh4WpywpjchNCPnRebcY:TCfLZadcM24fRNOeJ

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  avast_free_antivirus_setup_online.exe
- Size
  
  256KB
- MD5
  
  b401846f55c369a0858587bb3c230223
- SHA1
  
  bacaf9d0e566e1fc27b456266a367c0085c61e8d
- SHA256
  
  29a4c2e2f7e084c3767a7aaff2a79d9406557bef698d70130cdab4049010f156
- SHA512
  
  09e37dabd2e8efecb9ed2dd153fee808d2c318ff46eb0e0b33a5b994259c1db141fa3214beda43a38dc50687c2b4b7d083e9cbe6dd5422638ae9722d5520cffe
- SSDEEP
  
  6144:TCfHrZae3GFqRQcMeh4WpywpjchNCPnRebcY:TCfLZadcM24fRNOeJ
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Install Root Certificate

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

T1067

Privilege Escalation

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence