General

  • Target

    TotalAV_Setup.exe

  • Size

    54.8MB

  • Sample

    240310-axqwjsfg7t

  • MD5

    7e1760c63553d56fd73d0fc2dcbf4b5a

  • SHA1

    3bfba02d7ecd632c34de3803faa73315be4edb98

  • SHA256

    b9a83fd92044028d1dd0264b972c95c2cb7564e8bbf480b245c8bf28a1dcb51e

  • SHA512

    5f732813fc40726f8762297ad0856232dd94c30695949915a1b2bc5303429765acec772c21408e9b88fc469a16ba721f58e1a8827ef797d002b666d756aeb00b

  • SSDEEP

    786432:lcAokzH8aNMYff0v2oOPWCf4/CK8aAsy5fkMOgs34S7F2MOoQJ+LAgsFGUET9Xhc:l7HHff0C74/C5a21VsKMOxa72GUWxA

Malware Config

Targets

    • Target

      TotalAV_Setup.exe

    • Size

      54.8MB

    • MD5

      7e1760c63553d56fd73d0fc2dcbf4b5a

    • SHA1

      3bfba02d7ecd632c34de3803faa73315be4edb98

    • SHA256

      b9a83fd92044028d1dd0264b972c95c2cb7564e8bbf480b245c8bf28a1dcb51e

    • SHA512

      5f732813fc40726f8762297ad0856232dd94c30695949915a1b2bc5303429765acec772c21408e9b88fc469a16ba721f58e1a8827ef797d002b666d756aeb00b

    • SSDEEP

      786432:lcAokzH8aNMYff0v2oOPWCf4/CK8aAsy5fkMOgs34S7F2MOoQJ+LAgsFGUET9Xhc:l7HHff0C74/C5a21VsKMOxa72GUWxA

    • Creates new service(s)

    • Drops file in Drivers directory

    • ACProtect 1.3x - 1.4x DLL software

      Detects file using ACProtect software.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Drops file in System32 directory

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/avupdate.exe

    • Size

      2.8MB

    • MD5

      e0947f2084e589a4d7f1c0f541b54321

    • SHA1

      3ca9be3bc2678b85e36b9823a617376a268ab889

    • SHA256

      afb45b8ae7d78085d95122ae01f6bac1515a89e7e2c87c55596670e2b5e922e1

    • SHA512

      316a214436031a498de8b2b6ca33cb9f73cacc3ee19f22f86d90583f817e35f0b93bd44e3af8e47baf1c7e44fc66b9c2031995cc4ce69a1bdbe980de93e5938f

    • SSDEEP

      49152:JevEk9Vcz8AGAIaaQ2ldCPGwdYbO9ZMzYuWP011w99oUQ8Pbto:JevUsAz8ld+ubO9Ssur1a8

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    • Score

      3/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys

    • Size

      152KB

    • MD5

      6b60c0a7fdbabe955a183ae3b524d543

    • SHA1

      be68e043fb0f6e0ca745b8361924ad0869bf2bb9

    • SHA256

      33d6cc050cefb737b70431c7e493a0d7b7f5ae7546d36fd24a5d4b1ebf29d307

    • SHA512

      040ecbb33bbba5bba6206cee7717cff01fc8d3436762a4f2af6647cd9f02b31d48538ebc0d91b627fd0f9324375544905c2e09e4040c55b3642480e683f73df9

    • SSDEEP

      3072:3dxo0Wbd5kOx92/nQdp2kRaZE/I+j8CR/ehwdwTe6vuypGe08Uxb24lOPy:3dxo0Wbd5pJ/I88CR/p6vAnA4e

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys

    • Size

      169KB

    • MD5

      a17862525867081a577923e210604a64

    • SHA1

      9b6f498bbda86fc464d6e5094bc8529ecd3e7579

    • SHA256

      2bf4e12f41f8d78737592b7f29b55206b2df15411cc2943e678f52096289d06f

    • SHA512

      e33c701cad149844913e5853187e4bbf43f6bc230fccaec21c847b373da7299849f2f3d93e6a07dc2c3c774f5119a31f0f44ed77821cc1e8dda93661e620b2ca

    • SSDEEP

      3072:E6zDMkFB5rqrDX7r5E2wnyKVxqxJNxBIRxUcx5VEv3QuhznmZmopCn7:3zDMU5cHq2wn/EJNIRxXx5KB1Omo07

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys

    • Size

      35KB

    • MD5

      20894c53c0b9db8f86993d9ecb78f9d5

    • SHA1

      7c18c5b571c906535d393a5165379f6316143107

    • SHA256

      d5e35a021e2a8e676b9034a2c712907f170d3f5b7315d516f317f51cd03ddd06

    • SHA512

      7fbd637c64a3ed5ce202864197ee26e0d97f84be8bb0bfd5bdbfcf500f370764545489de8d83c347e5f15a414bf5d614377a60983803924935453266f8af5d24

    • SSDEEP

      384:pSxWv2ZhZ4mAjuPUEA1aVrFiFdWeFuu9BTQe7r/nYPLvdJUHeMPP:gS8ZIuPwoz4dWeFuubQEr/KdkP

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    • Score

      3/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys

    • Size

      172KB

    • MD5

      f16335a9102ffc99a8c8e07e1b2d57d4

    • SHA1

      32ddb4251591e40db352661be4721c5c6402b90a

    • SHA256

      33c6b1d49ab13d6ae9f22e05d77b70123de63c802363da0daf1be958b7d3d532

    • SHA512

      57746307cab7e82e9e7ef5f033628810997954a40cf57f34650cbc9ac77fc2fa3465f1206f87e0082edc4121114dd71f2f816a628872fde26136012766a5cc52

    • SSDEEP

      3072:mPhzNgtyTnwf3UCPID5tfaElzgbSvTR7VHhoxM732FrBT5t3BMXv8DBf:qhGtyTHC2tDcSvTZ9+Oarf9BMMd

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys

    • Size

      196KB

    • MD5

      18ed8302d083dad602823988a304a4f6

    • SHA1

      01014fd10d7babd6d81bb7e9511ffa7e13c890fa

    • SHA256

      629da28ac97f5b17b1603059242088727e1552d68fe350f97fcd0b67d412ab25

    • SHA512

      de9ea04221fb1270db37d35fcc1acdf7265103e079fd31566b0a043a1fa3b2267a034b720a3070538f289fd3847171d3d54277417ba0f67aede86f1b78db220d

    • SSDEEP

      3072:FiRnqR7d4wgBQIFnh/Lpx211rrYQwKiYB+Qua7KjoLxkAAFP:Fiq4PbL/2THYQwK7B+Bau0S

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys

    • Size

      53KB

    • MD5

      e3ab0eeb7613ddbacc0388b96048ff5d

    • SHA1

      f6e382597081451d6546339948edd3e854b7dfae

    • SHA256

      5fdde96d05b4284fa7ee985a7777739c46040ad89b3b8217a729da9695e3e542

    • SHA512

      40c0c7ac884297350a40d58a6a870796381ccb82ade22d69ca3cb9be0c3251b8768f95ab4b0f28f209ed65aed23894a7e77529316250ace7e5da8a99d0bb81a1

    • SSDEEP

      768:ginpYN85Ry72IqbyReYU6uPwoz4djHIEoF+NdKduH1Qk8AI24o3whJ:BpsK64yRGwospoJFsEuH+k8AH1ghJ

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    • Score

      3/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys

    • Size

      216KB

    • MD5

      d9f90202659f8ce4d5db6e83d24b46dd

    • SHA1

      29a7b1068a5090ee59db422364b42d2c8f072a46

    • SHA256

      31a3f5c4b19040eb20bc15b4609068128fb6028e137e98f2b2c6c679d0311c4d

    • SHA512

      b0a9a0c0f18446e6a2b9ad3200dbd2cb94acae5df553beb971b41220304941219d12d3e94ed91dec254e6b907dac6fcb1aa72a822a09a8e523cc76071b221c31

    • SSDEEP

      3072:vMPogiYZ1dqoWYYCGxbceUW8bUDsQWBsMPelkz4IQ9RLNM/qIn20aqB:vooQZ1ddW5VUWvDTMGls4IQ9ZN

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys

    • Size

      172KB

    • MD5

      b49a44df6fe77ccb861985f5a5dd7ba5

    • SHA1

      6e5163e191dd789f8cc33a531ce9ddd9bed2a842

    • SHA256

      e442e66d3e24d54696c8687d1bd1a9ab41ed34b723d2b25af195589d11c4fcde

    • SHA512

      d53f56966c8750edc513c86c8e9b47fa1f0445a86a1d92621f1aa5fc9b9400a4a7f65b9ae0d2e537c9dde1b23b16fbd56af8ab74d62a8a777106e9b16e58be89

    • SSDEEP

      3072:sUnNOdMrlqdSL3W3TRjWLKcudx0TzBrt6Ozv7druQuxAmP9FrN:PnQurlLLmxQu/0SOzZSBxDX

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys

    • Size

      35KB

    • MD5

      eb5c2402e2f402a19504bf6ca9c3e06a

    • SHA1

      63aa9690c36d743951558422d841276c25cde77d

    • SHA256

      f8d33bbf769786163105c0fa794970054bad34cc5985416af553df1d9a64039b

    • SHA512

      9b6b7c06e904cf36aefc17e14a108e9636c3a8920a34960dcb26fa520326c7ff47f03c24bacaec6ba91440237fb16afde0df01c299cdd7a89c40cc489a3f0151

    • SSDEEP

      768:p5UbgvCkoe+nuPwoz4dC2xfDKKdqe0nKUbZ:88axeLwos42xfDpqevq

    • Score

      1/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll

    • Size

      153KB

    • MD5

      49e51045f2951fd248318ac9f1ccb18e

    • SHA1

      7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb

    • SHA256

      73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16

    • SHA512

      df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda

    • SSDEEP

      3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk

    • Score

      3/10

    • Target

      $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys

    • Size

      204KB

    • MD5

      ec059af10524644bddcc073916e78375

    • SHA1

      93a9466afee21f61f643f540b2ab82ac7db60b62

    • SHA256

      868ecdf543865035a3703e8837869441683b8ab396eaadf6aaa0e455e8393c5e

    • SHA512

      88310251e07eb6edda3eb28d057a18fd7d1ea7a9adc5f861fa7ad127561bfb035468974fd11685b66654fc37dc3577d7d720e2e9e4f4fc38d116c1089ee9afe7

    • SSDEEP

      6144:S2M8JRGRI16YO/HqUU2miFjq5K3vPRTh9EsRbmN6:S25ERI16htvo5K3vPRr+

    • Score

      1/10

    • Target

      Microsoft.AppCenter.Analytics.dll

    • Size

      13KB

    • MD5

      d4041b4e6cef641e52922aae24358e67

    • SHA1

      03cd00c2094e6747b0bc489f1927d29dae39b5ea

    • SHA256

      ac8b2f3785163b38c4473f1aa25616a4616e2fbb29332fe3dd8da9574fc3c4cf

    • SHA512

      728dcee4a9e3909f760edbd6a6e582c6c40162f37cf0c5e61bb092679ef91e47e8e5bdba468c40f24010ae795f6e277ff1c60b9e46bee2dbc94b3d9c6491570a

    • SSDEEP

      384:FHusqPUYyBiwwu9sXZsQb+Jx4veT6pzBcwyWUVMW:FOsqsYb9w7UBcH

    • Score

      1/10

    • Target

      Microsoft.AppCenter.Crashes.dll

    • Size

      41KB

    • MD5

      389e880efe79f750488feed7fa52b1d2

    • SHA1

      b0a58209ddd87d4ec1240bc1b556889850965148

    • SHA256

      1ac20df009a8879ff946388741b781b37f8209ac93260ff8a00573376def08be

    • SHA512

      ce378858dd67c8ff7972036db1b558603c0c7bf74b82c0c965fcd039138be3eee08fb729b879a1c66b41d8fab7c70c0a9ad1c8e5c9490c4967cec87b2f62b436

    • SSDEEP

      768:qs8Fis/HebQPbM9z9iDk+gGCHeHGoSMwdevPf:qr1bMvHXlemtde3f

    • Score

      1/10

MITRE ATT&CK Enterprise v15

Tasks

static1

upx, blackguard
Score
10/10

behavioral1

Score
4/10

behavioral2

discovery, persistence, spyware, stealer, upx
Score
8/10

behavioral3

Score
1/10

behavioral4

Score
1/10

behavioral5

Score
3/10

behavioral6

Score
3/10

behavioral7

Score
1/10

behavioral8

Score
1/10

behavioral9

Score
1/10

behavioral10

Score
1/10

behavioral11

Score
1/10

behavioral12

Score
1/10

behavioral13

Score
3/10

behavioral14

Score
3/10

behavioral15

Score
1/10

behavioral16

Score
1/10

behavioral17

Score
1/10

behavioral18

Score
3/10

behavioral19

Score
3/10

behavioral20

Score
1/10

behavioral21

Score
1/10

behavioral22

Score
1/10

behavioral23

Score
1/10

behavioral24

Score
1/10

behavioral25

Score
1/10

behavioral26

Score
3/10

behavioral27

Score
3/10

behavioral28

Score
1/10

behavioral29

Score
1/10

behavioral30

Score
1/10

behavioral31

Score
1/10

behavioral32

Score
1/10