General
Target: av_downloader.exe
Size: 90KB
Sample: 240420-n386zagb92
MD5: 8af4f985862c71682e796dcc912f27dc
SHA1: 7f83117abfeff070d41d8144cf1dfe3af8607d27
SHA256: d925204430ffab51ffbbb9dc90bc224b04f0c2196769850695512245a886be06
SHA512: 3d4fcd9755dc4ea005fcd46e78426c5f71b50873c5174a69abcdff41a2e0405c87a36137c0c2409abedadb0ecdf622cbfd2fa1b59a2e06c81cef68d7c6c663b7
SSDEEP: 1536:v7fbN3eEDhDPA/pICdUkbBtW7upvaLU0bI5taxKo0IOlnToIfnweJbOC:D7DhdC6kzWypvaQ0FxyNTBfnBV
Static task: static1
Behavioral task: behavioral1
Sample: av_downloader.exe
Resource: win7-20240220-en
Malware Config
(none extracted)

Targets
Target: av_downloader.exe
Size: 90KB
Hashes: identical to the General section above (same file).
- Checks computer location settings
  Reads the country code configured in the registry; likely a geofence check (inferred from the registry read, not from observed region-dependent behaviour).
- Enumerates connected drives
  Attempts to read the root path of fixed drives other than the default C: drive.
MITRE ATT&CK Enterprise v15
The number in parentheses is the sandbox's hit count for that technique.
Privilege Escalation
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Scheduled Task/Job, T1053 (1)
Defense Evasion
- Abuse Elevation Control Mechanism, T1548 (1)
  - Bypass User Account Control, T1548.002 (1)
- Hide Artifacts, T1564 (2)
  - Hidden Files and Directories, T1564.001 (2)
- Impair Defenses, T1562 (1)
  - Disable or Modify Tools, T1562.001 (1)
- Modify Registry, T1112 (2)