General
- Target: TotalAV_Setup.exe
- Size: 54.8MB
- Sample: 240310-axqwjsfg7t
- MD5: 7e1760c63553d56fd73d0fc2dcbf4b5a
- SHA1: 3bfba02d7ecd632c34de3803faa73315be4edb98
- SHA256: b9a83fd92044028d1dd0264b972c95c2cb7564e8bbf480b245c8bf28a1dcb51e
- SHA512: 5f732813fc40726f8762297ad0856232dd94c30695949915a1b2bc5303429765acec772c21408e9b88fc469a16ba721f58e1a8827ef797d002b666d756aeb00b
- SSDEEP: 786432:lcAokzH8aNMYff0v2oOPWCf4/CK8aAsy5fkMOgs34S7F2MOoQJ+LAgsFGUET9Xhc:l7HHff0C74/C5a21VsKMOxa72GUWxA
Behavioral tasks (sample, resource)
- behavioral1: TotalAV_Setup.exe, win7-20240221-en
- behavioral2: TotalAV_Setup.exe, win10v2004-20231215-en
- behavioral3: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/avupdate.exe, win7-20240221-en
- behavioral4: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/avupdate.exe, win10v2004-20240226-en
- behavioral5: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll, win7-20240221-en
- behavioral6: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll, win10v2004-20240226-en
- behavioral7: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys, win7-20231129-en
- behavioral8: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys, win10v2004-20240226-en
- behavioral9: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys, win7-20240221-en
- behavioral10: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys, win10v2004-20240226-en
- behavioral11: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys, win7-20240221-en
- behavioral12: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys, win10v2004-20240226-en
- behavioral13: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll, win7-20240221-en
- behavioral14: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll, win10v2004-20231215-en
- behavioral15: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys, win10v2004-20240226-en
- behavioral16: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys, win10v2004-20240226-en
- behavioral17: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys, win10v2004-20240226-en
- behavioral18: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll, win7-20240221-en
- behavioral19: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll, win10v2004-20240226-en
- behavioral20: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys, win7-20240221-en
- behavioral21: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys, win10v2004-20240226-en
- behavioral22: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys, win7-20240221-en
- behavioral23: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys, win10v2004-20240226-en
- behavioral24: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys, win7-20240221-en
- behavioral25: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys, win10v2004-20240226-en
- behavioral26: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll, win7-20240221-en
- behavioral27: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll, win10v2004-20231215-en
- behavioral28: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys, win10v2004-20240226-en
- behavioral29: Microsoft.AppCenter.Analytics.dll, win7-20240221-en
- behavioral30: Microsoft.AppCenter.Analytics.dll, win10v2004-20240226-en
- behavioral31: Microsoft.AppCenter.Crashes.dll, win7-20240220-en
- behavioral32: Microsoft.AppCenter.Crashes.dll, win10v2004-20240226-en
Targets

Target: TotalAV_Setup.exe
- Size: 54.8MB
- MD5: 7e1760c63553d56fd73d0fc2dcbf4b5a
- SHA1: 3bfba02d7ecd632c34de3803faa73315be4edb98
- SHA256: b9a83fd92044028d1dd0264b972c95c2cb7564e8bbf480b245c8bf28a1dcb51e
- SHA512: 5f732813fc40726f8762297ad0856232dd94c30695949915a1b2bc5303429765acec772c21408e9b88fc469a16ba721f58e1a8827ef797d002b666d756aeb00b
- SSDEEP: 786432:lcAokzH8aNMYff0v2oOPWCf4/CK8aAsy5fkMOgs34S7F2MOoQJ+LAgsFGUET9Xhc:l7HHff0C74/C5a21VsKMOxa72GUWxA
- Score: 8/10
- Signatures:
  - Creates new service(s)
  - Drops file in Drivers directory
  - ACProtect 1.3x - 1.4x DLL software: Detects file using ACProtect software.
  - Checks computer location settings: Looks up country code configured in the registry, likely geofence.
  - Drops file in System32 directory

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/avupdate.exe
- Size: 2.8MB
- MD5: e0947f2084e589a4d7f1c0f541b54321
- SHA1: 3ca9be3bc2678b85e36b9823a617376a268ab889
- SHA256: afb45b8ae7d78085d95122ae01f6bac1515a89e7e2c87c55596670e2b5e922e1
- SHA512: 316a214436031a498de8b2b6ca33cb9f73cacc3ee19f22f86d90583f817e35f0b93bd44e3af8e47baf1c7e44fc66b9c2031995cc4ce69a1bdbe980de93e5938f
- SSDEEP: 49152:JevEk9Vcz8AGAIaaQ2ldCPGwdYbO9ZMzYuWP011w99oUQ8Pbto:JevUsAz8ld+ubO9Ssur1a8
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgio.dll
- Size: 153KB
- MD5: 49e51045f2951fd248318ac9f1ccb18e
- SHA1: 7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256: 73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512: df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP: 3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
- Score: 3/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avgntflt.sys
- Size: 152KB
- MD5: 6b60c0a7fdbabe955a183ae3b524d543
- SHA1: be68e043fb0f6e0ca745b8361924ad0869bf2bb9
- SHA256: 33d6cc050cefb737b70431c7e493a0d7b7f5ae7546d36fd24a5d4b1ebf29d307
- SHA512: 040ecbb33bbba5bba6206cee7717cff01fc8d3436762a4f2af6647cd9f02b31d48538ebc0d91b627fd0f9324375544905c2e09e4040c55b3642480e683f73df9
- SSDEEP: 3072:3dxo0Wbd5kOx92/nQdp2kRaZE/I+j8CR/ehwdwTe6vuypGe08Uxb24lOPy:3dxo0Wbd5pJ/I88CR/p6vAnA4e
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avipbb.sys
- Size: 169KB
- MD5: a17862525867081a577923e210604a64
- SHA1: 9b6f498bbda86fc464d6e5094bc8529ecd3e7579
- SHA256: 2bf4e12f41f8d78737592b7f29b55206b2df15411cc2943e678f52096289d06f
- SHA512: e33c701cad149844913e5853187e4bbf43f6bc230fccaec21c847b373da7299849f2f3d93e6a07dc2c3c774f5119a31f0f44ed77821cc1e8dda93661e620b2ca
- SSDEEP: 3072:E6zDMkFB5rqrDX7r5E2wnyKVxqxJNxBIRxUcx5VEv3QuhznmZmopCn7:3zDMU5cHq2wn/EJNIRxXx5KB1Omo07
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win7/avkmgr.sys
- Size: 35KB
- MD5: 20894c53c0b9db8f86993d9ecb78f9d5
- SHA1: 7c18c5b571c906535d393a5165379f6316143107
- SHA256: d5e35a021e2a8e676b9034a2c712907f170d3f5b7315d516f317f51cd03ddd06
- SHA512: 7fbd637c64a3ed5ce202864197ee26e0d97f84be8bb0bfd5bdbfcf500f370764545489de8d83c347e5f15a414bf5d614377a60983803924935453266f8af5d24
- SSDEEP: 384:pSxWv2ZhZ4mAjuPUEA1aVrFiFdWeFuu9BTQe7r/nYPLvdJUHeMPP:gS8ZIuPwoz4dWeFuubQEr/KdkP
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgio.dll
- Size: 153KB
- MD5: 49e51045f2951fd248318ac9f1ccb18e
- SHA1: 7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256: 73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512: df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP: 3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
- Score: 3/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avgntflt.sys
- Size: 172KB
- MD5: f16335a9102ffc99a8c8e07e1b2d57d4
- SHA1: 32ddb4251591e40db352661be4721c5c6402b90a
- SHA256: 33c6b1d49ab13d6ae9f22e05d77b70123de63c802363da0daf1be958b7d3d532
- SHA512: 57746307cab7e82e9e7ef5f033628810997954a40cf57f34650cbc9ac77fc2fa3465f1206f87e0082edc4121114dd71f2f816a628872fde26136012766a5cc52
- SSDEEP: 3072:mPhzNgtyTnwf3UCPID5tfaElzgbSvTR7VHhoxM732FrBT5t3BMXv8DBf:qhGtyTHC2tDcSvTZ9+Oarf9BMMd
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avipbb.sys
- Size: 196KB
- MD5: 18ed8302d083dad602823988a304a4f6
- SHA1: 01014fd10d7babd6d81bb7e9511ffa7e13c890fa
- SHA256: 629da28ac97f5b17b1603059242088727e1552d68fe350f97fcd0b67d412ab25
- SHA512: de9ea04221fb1270db37d35fcc1acdf7265103e079fd31566b0a043a1fa3b2267a034b720a3070538f289fd3847171d3d54277417ba0f67aede86f1b78db220d
- SSDEEP: 3072:FiRnqR7d4wgBQIFnh/Lpx211rrYQwKiYB+Qua7KjoLxkAAFP:Fiq4PbL/2THYQwK7B+Bau0S
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win32/win8/avkmgr.sys
- Size: 53KB
- MD5: e3ab0eeb7613ddbacc0388b96048ff5d
- SHA1: f6e382597081451d6546339948edd3e854b7dfae
- SHA256: 5fdde96d05b4284fa7ee985a7777739c46040ad89b3b8217a729da9695e3e542
- SHA512: 40c0c7ac884297350a40d58a6a870796381ccb82ade22d69ca3cb9be0c3251b8768f95ab4b0f28f209ed65aed23894a7e77529316250ace7e5da8a99d0bb81a1
- SSDEEP: 768:ginpYN85Ry72IqbyReYU6uPwoz4djHIEoF+NdKduH1Qk8AI24o3whJ:BpsK64yRGwospoJFsEuH+k8AH1ghJ
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgio.dll
- Size: 153KB
- MD5: 49e51045f2951fd248318ac9f1ccb18e
- SHA1: 7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256: 73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512: df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP: 3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
- Score: 3/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avgntflt.sys
- Size: 216KB
- MD5: d9f90202659f8ce4d5db6e83d24b46dd
- SHA1: 29a7b1068a5090ee59db422364b42d2c8f072a46
- SHA256: 31a3f5c4b19040eb20bc15b4609068128fb6028e137e98f2b2c6c679d0311c4d
- SHA512: b0a9a0c0f18446e6a2b9ad3200dbd2cb94acae5df553beb971b41220304941219d12d3e94ed91dec254e6b907dac6fcb1aa72a822a09a8e523cc76071b221c31
- SSDEEP: 3072:vMPogiYZ1dqoWYYCGxbceUW8bUDsQWBsMPelkz4IQ9RLNM/qIn20aqB:vooQZ1ddW5VUWvDTMGls4IQ9ZN
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avipbb.sys
- Size: 172KB
- MD5: b49a44df6fe77ccb861985f5a5dd7ba5
- SHA1: 6e5163e191dd789f8cc33a531ce9ddd9bed2a842
- SHA256: e442e66d3e24d54696c8687d1bd1a9ab41ed34b723d2b25af195589d11c4fcde
- SHA512: d53f56966c8750edc513c86c8e9b47fa1f0445a86a1d92621f1aa5fc9b9400a4a7f65b9ae0d2e537c9dde1b23b16fbd56af8ab74d62a8a777106e9b16e58be89
- SSDEEP: 3072:sUnNOdMrlqdSL3W3TRjWLKcudx0TzBrt6Ozv7druQuxAmP9FrN:PnQurlLLmxQu/0SOzZSBxDX
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win7/avkmgr.sys
- Size: 35KB
- MD5: eb5c2402e2f402a19504bf6ca9c3e06a
- SHA1: 63aa9690c36d743951558422d841276c25cde77d
- SHA256: f8d33bbf769786163105c0fa794970054bad34cc5985416af553df1d9a64039b
- SHA512: 9b6b7c06e904cf36aefc17e14a108e9636c3a8920a34960dcb26fa520326c7ff47f03c24bacaec6ba91440237fb16afde0df01c299cdd7a89c40cc489a3f0151
- SSDEEP: 768:p5UbgvCkoe+nuPwoz4dC2xfDKKdqe0nKUbZ:88axeLwos42xfDpqevq
- Score: 1/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgio.dll
- Size: 153KB
- MD5: 49e51045f2951fd248318ac9f1ccb18e
- SHA1: 7a09bfa925fb2703bba5b26ddeae1ec7e3a481fb
- SHA256: 73b563935d96d328d5e13d05ddc35f24b69237e4c4b7b183ee66aeeb3ccd9c16
- SHA512: df00015514bbcdd6d0ff9c38485ee65d7700fb7cadd4327d12230d63f078da5e9aa5fd11aec9f8c741bdf7c84c84c38543af1f71ebc12a4477415e2c5ab9deda
- SSDEEP: 3072:kBWuZL07xXI4ZUgZ/aAD4uQWh3C56jn/KutS8t/6aqDDNYt0c:Sw9Y4GVAD40h3f/KutSgGk
- Score: 3/10

Target: $APPDATA/TotalAV/updates/SAVAPI 11.0.1/on_access/win64/win8/avgntflt.sys
- Size: 204KB
- MD5: ec059af10524644bddcc073916e78375
- SHA1: 93a9466afee21f61f643f540b2ab82ac7db60b62
- SHA256: 868ecdf543865035a3703e8837869441683b8ab396eaadf6aaa0e455e8393c5e
- SHA512: 88310251e07eb6edda3eb28d057a18fd7d1ea7a9adc5f861fa7ad127561bfb035468974fd11685b66654fc37dc3577d7d720e2e9e4f4fc38d116c1089ee9afe7
- SSDEEP: 6144:S2M8JRGRI16YO/HqUU2miFjq5K3vPRTh9EsRbmN6:S25ERI16htvo5K3vPRr+
- Score: 1/10

Target: Microsoft.AppCenter.Analytics.dll
- Size: 13KB
- MD5: d4041b4e6cef641e52922aae24358e67
- SHA1: 03cd00c2094e6747b0bc489f1927d29dae39b5ea
- SHA256: ac8b2f3785163b38c4473f1aa25616a4616e2fbb29332fe3dd8da9574fc3c4cf
- SHA512: 728dcee4a9e3909f760edbd6a6e582c6c40162f37cf0c5e61bb092679ef91e47e8e5bdba468c40f24010ae795f6e277ff1c60b9e46bee2dbc94b3d9c6491570a
- SSDEEP: 384:FHusqPUYyBiwwu9sXZsQb+Jx4veT6pzBcwyWUVMW:FOsqsYb9w7UBcH
- Score: 1/10

Target: Microsoft.AppCenter.Crashes.dll
- Size: 41KB
- MD5: 389e880efe79f750488feed7fa52b1d2
- SHA1: b0a58209ddd87d4ec1240bc1b556889850965148
- SHA256: 1ac20df009a8879ff946388741b781b37f8209ac93260ff8a00573376def08be
- SHA512: ce378858dd67c8ff7972036db1b558603c0c7bf74b82c0c965fcd039138be3eee08fb729b879a1c66b41d8fab7c70c0a9ad1c8e5c9490c4967cec87b2f62b436
- SSDEEP: 768:qs8Fis/HebQPbM9z9iDk+gGCHeHGoSMwdevPf:qr1bMvHXlemtde3f
- Score: 1/10
MITRE ATT&CK Enterprise v15
- Persistence
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)
- Privilege Escalation
  - Boot or Logon Autostart Execution (1): Registry Run Keys / Startup Folder (1)
  - Create or Modify System Process (1): Windows Service (1)