18b325e67a6c0dda89f85659acb7aca3dc4c15b2dfcbe9084e9d2bc993295b62 | Triage

Sharing

General

Target

онлайн-настройка_бесплатного_антивируса_avast.exe
Size

257KB
Sample

240522-x258csde3s
MD5

5cac3dcb7b2c13e6ebf609424cd01b5f
SHA1

32fcb3fb48d61880b97dac2130c92b82b926f90f
SHA256

18b325e67a6c0dda89f85659acb7aca3dc4c15b2dfcbe9084e9d2bc993295b62
SHA512

ed6e9b72a2b3a646c9d9d6041089c0b69fe0ebe2a17d834ab1cc74326b923f6281706398b94dc77befe2002cc1a5f6acf7c883fd2068ec760c3aca75b7ab881a
SSDEEP

3072:V2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhBn+T6:V0KgGwHqwOOELha+sm2D2+Uhnguy8

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  онлайн-настройка_бесплатного_антивируса_avast.exe
- Size
  
  257KB
- MD5
  
  5cac3dcb7b2c13e6ebf609424cd01b5f
- SHA1
  
  32fcb3fb48d61880b97dac2130c92b82b926f90f
- SHA256
  
  18b325e67a6c0dda89f85659acb7aca3dc4c15b2dfcbe9084e9d2bc993295b62
- SHA512
  
  ed6e9b72a2b3a646c9d9d6041089c0b69fe0ebe2a17d834ab1cc74326b923f6281706398b94dc77befe2002cc1a5f6acf7c883fd2068ec760c3aca75b7ab881a
- SSDEEP
  
  3072:V2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCozOhhBn+T6:V0KgGwHqwOOELha+sm2D2+Uhnguy8
Score

6^/10

bootkit persistence
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Pre-OS Boot

Bootkit

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence