e1c2d482dbaf5814baa67c3ee21f62516b573676a90057c9f6544c7f887b33c9 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

3

Avast Clea...um.exe

windows7-x64

7

Avast Clea...um.exe

windows10-2004-x64

Sharing

General

Target

Avast Cleanup Premium.exe
Size

78.0MB
Sample

230627-et7gcada44
MD5

0384071f9689dd73ab62e01ea41d10c3
SHA1

0543f15b99f606b8f5d01f5b80cdec9d8b7a1a13
SHA256

e1c2d482dbaf5814baa67c3ee21f62516b573676a90057c9f6544c7f887b33c9
SHA512

01dd6d1efca9362759e65e666cf92294dcedada5edc1e7dc9458811c9ac1953ffd4ca98fb8c96aa7770533ac168c603c337f17ee430af6557b6cc0a4486f31c3
SSDEEP

1572864:g/5BlBjXG7qJomGLGH+RXY3TRyU1lRs29Qq2AEs:AlB2GJodGuY3TDyq2AEs

Score

10^/10

bootkit discovery evasion persistence spyware stealer trojan

Static task

static1

1 signatures

Behavioral task

behavioral1

Sample

Avast Cleanup Premium.exe

Resource

win7-20230621-en

bootkit persistence spyware stealer

windows7-x64

10 signatures

150 seconds

Behavioral task

behavioral2

Sample

Avast Cleanup Premium.exe

Resource

win10v2004-20230621-en

bootkit discovery evasion persistence spyware stealer trojan

windows10-2004-x64

21 signatures

150 seconds

Malware Config

Targets

- Target
  
  Avast Cleanup Premium.exe
- Size
  
  78.0MB
- MD5
  
  0384071f9689dd73ab62e01ea41d10c3
- SHA1
  
  0543f15b99f606b8f5d01f5b80cdec9d8b7a1a13
- SHA256
  
  e1c2d482dbaf5814baa67c3ee21f62516b573676a90057c9f6544c7f887b33c9
- SHA512
  
  01dd6d1efca9362759e65e666cf92294dcedada5edc1e7dc9458811c9ac1953ffd4ca98fb8c96aa7770533ac168c603c337f17ee430af6557b6cc0a4486f31c3
- SSDEEP
  
  1572864:g/5BlBjXG7qJomGLGH+RXY3TRyU1lRs29Qq2AEs:AlB2GJodGuY3TDyq2AEs
Score

10^/10

bootkit persistence spyware stealer discovery evasion trojan
- UAC bypass
  evasion trojan
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Checks for any installed AV software in registry
- Checks installed software on the system
  Looks up Uninstall key entries in the registry to enumerate software on the system.
  discovery
- Checks whether UAC is enabled
  evasion trojan
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

Privilege Escalation

Bypass User Account Control

Defense Evasion

Bypass User Account Control

Disabling Security Tools

Modify Registry

Credential Access

Credentials in Files

Discovery

Query Registry

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistencespywarestealer

behavioral2

bootkitdiscoveryevasionpersistencespywarestealertrojan

© 2018-2025

Terms | Privacy