060de87c45ceabc99e51135369b71048b9f15ca2c32dee32ed99dc3dadf01ab9 | Triage

Sharing

General

Target

avg_antivirus_free_setup.exe
Size

229KB
Sample

240527-f5z23shf21
MD5

796ee1d354e110b802dff6873c9963a4
SHA1

4206d44bb07c3181030d498c34f924a4e07a8185
SHA256

060de87c45ceabc99e51135369b71048b9f15ca2c32dee32ed99dc3dadf01ab9
SHA512

208364bd6f95ee1ed5afd69ce2b9422350b40d87981c63b725d9532a44386019875889803b71ca8e90b51576f4565018d882326a71ed2c95916341140021e572
SSDEEP

3072:c2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhhWK0KL:c0KgGwHqwOOELha+sm2D2+UhngNQK4d

Score

6^/10

bootkit persistence

Malware Config

Targets

- Target
  
  avg_antivirus_free_setup.exe
- Size
  
  229KB
- MD5
  
  796ee1d354e110b802dff6873c9963a4
- SHA1
  
  4206d44bb07c3181030d498c34f924a4e07a8185
- SHA256
  
  060de87c45ceabc99e51135369b71048b9f15ca2c32dee32ed99dc3dadf01ab9
- SHA512
  
  208364bd6f95ee1ed5afd69ce2b9422350b40d87981c63b725d9532a44386019875889803b71ca8e90b51576f4565018d882326a71ed2c95916341140021e572
- SSDEEP
  
  3072:c2RaiKg4xmUh1WXHqw/l+qmOELhakVsm3mxB32tLEv8zfdn5f2dZLCoKOhhWK0KL:c0KgGwHqwOOELha+sm2D2+UhngNQK4d
Score

6^/10

bootkit persistence
- Checks for any installed AV software in registry
- Downloads MZ/PE file
- Writes to the Master Boot Record (MBR)
  Bootkits write to the MBR to gain persistence at a level below the operating system.
  bootkit persistence
behavioral1 behavioral2 behavioral3

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

Bootkit

Privilege Escalation

Defense Evasion

Modify Registry

Pre-OS Boot

Bootkit

Subvert Trust Controls

Install Root Certificate

Credential Access

Discovery

Query Registry

Software Discovery

Security Software Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

bootkitpersistence

behavioral2

bootkitpersistence

behavioral3

bootkitpersistence