5228862677a02d1f680169e5efd6c8ab5a420be7ff80766d73b1109ce2023dc2 | Triage

Resubmissions

30-03-2023 00:55

230330-a93qwaad93 8

28-03-2023 01:07

230328-bgwbrsgb75 8

Sharing

General

Target

avast_free_antivirus_setup_online (1).exe
Size

256KB
Sample

230328-bgwbrsgb75
MD5

61d6e65726ef4213f39129401b03b42f
SHA1

7ea027968788524f5bcfbae6baf9278c6c88056e
SHA256

5228862677a02d1f680169e5efd6c8ab5a420be7ff80766d73b1109ce2023dc2
SHA512

c55adc484dcb6e0c2d716f997faa1ed14cc2d281073cad40ad77b723c999bc5069b16dfcf3bd8b8306db6fd1d429c37bc30470d93e73f70300217a9be6772b41
SSDEEP

6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPyyeb:bCfLZadcM24fRN4e

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  avast_free_antivirus_setup_online (1).exe
- Size
  
  256KB
- MD5
  
  61d6e65726ef4213f39129401b03b42f
- SHA1
  
  7ea027968788524f5bcfbae6baf9278c6c88056e
- SHA256
  
  5228862677a02d1f680169e5efd6c8ab5a420be7ff80766d73b1109ce2023dc2
- SHA512
  
  c55adc484dcb6e0c2d716f997faa1ed14cc2d281073cad40ad77b723c999bc5069b16dfcf3bd8b8306db6fd1d429c37bc30470d93e73f70300217a9be6772b41
- SSDEEP
  
  6144:bCfHrZae3GFqRQcMeh4WpywpjchNCPyyeb:bCfLZadcM24fRN4e
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Executes dropped EXE
- Loads dropped DLL
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Install Root Certificate

Modify Registry

Credential Access

Discovery

Security Software Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence