General
-
Target
avast_secure_browser_setup_2.exe
-
Size
5.8MB
-
Sample
230407-s7w5esbe51
-
MD5
3202685f9dd196dc30a291eee551931e
-
SHA1
697647069c2b362063cd63d1d77c6a440bc1e033
-
SHA256
ea0ac9685ff6aaa2fdbaefe4672109a59a304fa6bb2940fb3744c0446ef37a27
-
SHA512
2f407e577a7b54b85c8269d139c146698af6b65911c7a90aa95f4e7c7b7aea4b63c59dc067b9a502b9436b1e3a3b9549fa846fb11ed7ac1f66f031c3d8efb848
-
SSDEEP
98304:jj5fxWK2oWmnPoKT43Ur+834oAg8ppFd+7SDVAFeTbxyYTeTt5KYsXZ/gRdD5t:Jp2oWmPoKTwUK834oAgUpFdqWVLxw+xW
Malware Config
Targets
-
-
Target
avast_secure_browser_setup_2.exe
-
Size
5.8MB
-
MD5
3202685f9dd196dc30a291eee551931e
-
SHA1
697647069c2b362063cd63d1d77c6a440bc1e033
-
SHA256
ea0ac9685ff6aaa2fdbaefe4672109a59a304fa6bb2940fb3744c0446ef37a27
-
SHA512
2f407e577a7b54b85c8269d139c146698af6b65911c7a90aa95f4e7c7b7aea4b63c59dc067b9a502b9436b1e3a3b9549fa846fb11ed7ac1f66f031c3d8efb848
-
SSDEEP
98304:jj5fxWK2oWmnPoKT43Ur+834oAg8ppFd+7SDVAFeTbxyYTeTt5KYsXZ/gRdD5t:Jp2oWmPoKTwUK834oAgUpFdqWVLxw+xW
Score8/10-
Downloads MZ/PE file
-
Modifies Installed Components in the registry
-
Sets file execution options in registry
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Registers COM server for autorun
-
Checks for any installed AV software in registry
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-