Resubmissions (date, analysis ID, score)

  • 22-03-2024 13:41  240322-qzd8jaed3s  8
  • 28-12-2023 08:18  231228-j7d46scdd9  8
  • 13-12-2023 16:39  231213-t55t8aggb9  8
  • 13-11-2023 18:53  231113-xjvznsee5s  8
  • 20-10-2023 12:54  231020-p49dssch35  8
  • 18-10-2023 12:57  231018-p6wwgsga73  8
  • 14-10-2023 13:18  231014-qkc2xsef2w  8
  • 13-10-2023 08:25  231013-kbcf5sfh5w  8
  • 11-10-2023 09:32  231011-lhkxjadh3v  8
  • 11-10-2023 09:28  231011-lfb7lsfg37  7

General

  • Target: avast_secure_browser_setup.exe
  • Size: 5.8MB
  • Sample: 240322-qzd8jaed3s
  • MD5: 3ad1c03d333da86a47884f01b8ae7664
  • SHA1: 9feb944a823a0374f6db7bfd5abf78b494e49782
  • SHA256: 4b6cc676769de04acf4936a5a395349cb779616c0621c5921bf07c3e405b51ee
  • SHA512: 121c6bd0150ecde57e379a62a19583c1412cd6f411ef46533a3d3241c59613905e56ae58943bc685ba7f892bbf37018ec34d3e6f6fdb36efd39220b2db60cb1f
  • SSDEEP: 98304:R8PxEloFJNcSmf0UH/Z10hTSYPHnyJLhNr1/K9O6oTCA+iGGps74a4:RSvFJyBsucZ74hNxKDiG/4a

Malware Config

Targets

    • Target: avast_secure_browser_setup.exe
    • Size: 5.8MB
    • MD5: 3ad1c03d333da86a47884f01b8ae7664
    • SHA1: 9feb944a823a0374f6db7bfd5abf78b494e49782
    • SHA256: 4b6cc676769de04acf4936a5a395349cb779616c0621c5921bf07c3e405b51ee
    • SHA512: 121c6bd0150ecde57e379a62a19583c1412cd6f411ef46533a3d3241c59613905e56ae58943bc685ba7f892bbf37018ec34d3e6f6fdb36efd39220b2db60cb1f
    • SSDEEP: 98304:R8PxEloFJNcSmf0UH/Z10hTSYPHnyJLhNr1/K9O6oTCA+iGGps74a4:RSvFJyBsucZ74hNxKDiG/4a

    Behaviours observed:

    • Downloads MZ/PE file
    • Modifies Installed Components in the registry
    • Sets file execution options in registry
    • Checks BIOS information in registry
      BIOS information is often read in order to detect sandboxing environments.
    • Executes dropped EXE
    • Loads dropped DLL
    • Reads user/profile data of web browsers
      Infostealers often target stored browser data, which can include saved credentials etc.
    • Registers COM server for autorun
    • Checks for any installed AV software in registry
    • Checks installed software on the system
      Looks up Uninstall key entries in the registry to enumerate software on the system.
    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: $PLUGINSDIR/JsisPlugins.dll
    • Size: 2.1MB
    • MD5: 04091b9dc274a8aeceaa250d9d5aed4e
    • SHA1: 39a8988a05b866ec3505be1650e521d2b3e71c1b
    • SHA256: dd54abccddbfdf9ad318f2434ea61fe16c446b0e0eb1b86f6f06124c6e3708eb
    • SHA512: 7b2fc948b84d71f39b124690eb9fc4110d49b9750874171be634f39b747613e3380d4ff3968dae26eac127b66838f09781f8716549cc74046a36f9c8c5e8008b
    • SSDEEP: 49152:tdvRIHldYQpQzyXT0MY73AHbmPTX2AuchZyE1F4iqA9AfzqteB849r:t7IHlrptXTnbmPTX2AuchZp1F4Djzqt

    Score 3/10

    • Target: $PLUGINSDIR/Midex.dll
    • Size: 126KB
    • MD5: 26ae155bc699bb8d535006d9889366ec
    • SHA1: 47990e176505ba8fe8c9aa43018c71ce84702ed8
    • SHA256: 7fd5d84381997482870359c50f43eeb52228ae3f75311405c6e80fb79203aea9
    • SHA512: 03a21e68b8c5d5e2206bcd4b2795b6fabda9b6bafe5339f213dcfe7297a557cde93b85321f0fdc7b14fb7c602b71d8e0673c326994a43e72e6cab532843a7161
    • SSDEEP: 3072:8ACUTz1JlJmpGB6yK4H9l4o8rr4YlixbSrZKbazGNbx:8ACUTz1JlopG5K4OZgeC

    Score 6/10

    • Writes to the Master Boot Record (MBR)
      Bootkits write to the MBR to gain persistence at a level below the operating system.

    • Target: $PLUGINSDIR/jsis.dll
    • Size: 127KB
    • MD5: 6b740d7060e09cfee3523704436ba00f
    • SHA1: f369460d22992b8a468f08fc19f208de52e2cb18
    • SHA256: 65c041a218bf05cfe824ebc155b4bf5749b3a2eca84be5e8f092927f09152b1b
    • SHA512: 2c0cf9c8470d70a381c8ee0c09c81a6a643123c8bd96a5b32eaabf368d347cbd2eb771488a7ea150bd817b8fd2cc5b8ac84dd81830e5e6e31b9f01bc4ae50486
    • SSDEEP: 3072:y3Zk9fOAewM0+W8NVHm8fB9I7CwHWo8Phf1A/Jx:y3qNOApM1W8fBmCuW0

    Score 3/10

    • Target: $PLUGINSDIR/nsJSON.dll
    • Size: 36KB
    • MD5: 0acda819bacbed7d368f036847960ae3
    • SHA1: 8a4367182e41076e28870ef60efa8630ecdf846c
    • SHA256: 2508170aa8ed183c2dba984cb22c0d622359963b4ee0099c734875b862b17800
    • SHA512: d501737aa62fae54552f382ab87e749ef9f3bc1349fd0945fa3eca9ebbcd6c690961a5f764aafe994f396bc303fa44d9670969b84810fa5fcadd1a20a469d321
    • SSDEEP: 768:u1vTYFHvlhqjbm8oEHB6hC+/3P4LA27bRpqYigreGPxWEW:u1bYPHqu7EUhL27bTq7greGPx

    Score 3/10

    • Target: $_107_
    • Size: 6.3MB
    • MD5: 4f7b95ed60a1d7af420ab4f64008f04a
    • SHA1: 2176551d8975a2d7ff1e6316e98caaa0b7b2997a
    • SHA256: efb60ee7df09a336952570b3645b5125994fd57db504fb1edf9e451fed038d04
    • SHA512: 7260a334c558673180aa7ab337c32eebafbca4c9a3ef9dcf60a3d8c20e854e76bc9d44d9e2fb21db44c400314923c1ec14c088612e1d0cf5f14e72221fb84a89
    • SSDEEP: 98304:RTvkQ/nTstrpzpNBcSrMVudcoCL+34a5eB2atknfQJlH7ixiu1aqrqNCwLFCtzJ:RTvkTLVTAudcoJheBnknfFrqNjg

    Score 1/10

MITRE ATT&CK Enterprise v15

Tasks