Overview

overview

8

Static

static

3

avast_secu...up.exe

windows10-2004-x64

8

Sharing

Copy URL Twitter E-mail

General

  • Target

    avast_secure_browser_setup.exe

  • Size

    5.7MB

  • Sample

    231009-s4dtnsga89

  • MD5

    431b068722dfbd902afcec6eea6779f3

  • SHA1

    17daef568dfb295c625e2f263c63c866737380d8

  • SHA256

    82d551913aaa4df8d7589461df77df68a139f2621f9bf3a89cf56d9b26c0479c

  • SHA512

    57db14f2e6d393a0e581f3785f1ecdc32d42b9245308cea85e99818152e13f2c474ce17798f329991ebe9fb789d5715b462bb7fed59c928b8f6178f92305d32b

  • SSDEEP

    98304:fa2emko0/tlapQgjpYeoM+TA+VhgsWBmQx0MoYrJspexgYf8mLtOPOASOQPnkB:y2Hko0/qp3bt6A+znSGM7Mex78QOEzkB

Score
8/10
bootkitdiscoveryevasionpersistencespywarestealertrojan

Malware Config

Targets

    • Target

      avast_secure_browser_setup.exe

    • Size

      5.7MB

    • MD5

      431b068722dfbd902afcec6eea6779f3

    • SHA1

      17daef568dfb295c625e2f263c63c866737380d8

    • SHA256

      82d551913aaa4df8d7589461df77df68a139f2621f9bf3a89cf56d9b26c0479c

    • SHA512

      57db14f2e6d393a0e581f3785f1ecdc32d42b9245308cea85e99818152e13f2c474ce17798f329991ebe9fb789d5715b462bb7fed59c928b8f6178f92305d32b

    • SSDEEP

      98304:fa2emko0/tlapQgjpYeoM+TA+VhgsWBmQx0MoYrJspexgYf8mLtOPOASOQPnkB:y2Hko0/qp3bt6A+znSGM7Mex78QOEzkB

    Score
    8/10
    bootkitdiscoveryevasionpersistencespywarestealertrojan

    • Downloads MZ/PE file

    • Modifies Installed Components in the registry

      persistence

    • Sets file execution options in registry

      persistence

    • Checks BIOS information in registry

      BIOS information is often read in order to detect sandboxing environments.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

      spywarestealer

    • Registers COM server for autorun

      persistence

    • Checks for any installed AV software in registry

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

      discovery

    • Checks whether UAC is enabled

      evasiontrojan

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

      bootkitpersistence
    behavioral1

MITRE ATT&CK Enterprise v15

Tasks