Triage | Malware sandboxing report by Hatching Triage

Resubmissions

30-03-2023 00:55

230330-a93qwaad93 8

28-03-2023 01:07

230328-bgwbrsgb75 8

Sharing

General

Target

avast_free_antivirus_setup_online (1).exe
Size

256KB
Sample

230328-bgwbrsgb75
MD5

61d6e65726ef4213f39129401b03b42f
SHA1

7ea027968788524f5bcfbae6baf9278c6c88056e
SHA256

5228862677a02d1f680169e5efd6c8ab5a420be7ff80766d73b1109ce2023dc2
SHA512

c55adc484dcb6e0c2d716f997faa1ed14cc2d281073cad40ad77b723c999bc5069b16dfcf3bd8b8306db6fd1d429c37bc30470d93e73f70300217a9be6772b41
SSDEEP

6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPyyeb:bCfLZadcM24fRN4e

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  avast_free_antivirus_setup_online (1).exe
- Size
  
  256KB
- MD5
  
  61d6e65726ef4213f39129401b03b42f
- SHA1
  
  7ea027968788524f5bcfbae6baf9278c6c88056e
- SHA256
  
  5228862677a02d1f680169e5efd6c8ab5a420be7ff80766d73b1109ce2023dc2
- SHA512
  
  c55adc484dcb6e0c2d716f997faa1ed14cc2d281073cad40ad77b723c999bc5069b16dfcf3bd8b8306db6fd1d429c37bc30470d93e73f70300217a9be6772b41
- SSDEEP
  
  6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPyyeb:bCfLZadcM24fRN4e
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix

Collection

Command and Control

Credential Access

Defense Evasion

Modify Registry

T1112

Install Root Certificate

Discovery

Query Registry

T1012

Security Software Discovery

T1063

System Information Discovery

T1082

Execution

Exfiltration

Impact

Initial Access

Lateral Movement

Persistence

Bootkit

T1067

Privilege Escalation

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence