5505d7c13045d50f276c4327b5a4ad9f2fc2da549e7a29ef8647fd1914862099 | Triage

Sharing

General

Target

avastfreeantivirussetuponline.exe.bin
Size

257KB
Sample

230511-xamxpsbh7z
MD5

03576fa5627a3a26e9fcecb9ec5e72fa
SHA1

0c3db7f3fb398eb874c7684ea40cd340222706b4
SHA256

5505d7c13045d50f276c4327b5a4ad9f2fc2da549e7a29ef8647fd1914862099
SHA512

e4bab4f9e983251419b379e74d599bdfa0cefb5f6daf94f4a4a423f66265aa41e375d227e48dee9d1a3ff67e6b601848b3468e62f6f66301bfff4670745029d1
SSDEEP

3072:P2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhBn+Ts:P0KgGwHqwOOELha+sm2D2+Uhnguy8d4

Score

8^/10

bootkit persistence

Malware Config

Targets

- Target
  
  avastfreeantivirussetuponline.exe.bin
- Size
  
  257KB
- MD5
  
  03576fa5627a3a26e9fcecb9ec5e72fa
- SHA1
  
  0c3db7f3fb398eb874c7684ea40cd340222706b4
- SHA256
  
  5505d7c13045d50f276c4327b5a4ad9f2fc2da549e7a29ef8647fd1914862099
- SHA512
  
  e4bab4f9e983251419b379e74d599bdfa0cefb5f6daf94f4a4a423f66265aa41e375d227e48dee9d1a3ff67e6b601848b3468e62f6f66301bfff4670745029d1
- SSDEEP
  
  3072:P2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhBn+Ts:P0KgGwHqwOOELha+sm2D2+Uhnguy8d4
Score

8^/10

bootkit persistence
- Downloads MZ/PE file
- Checks for any installed AV software in registry
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence