Resubmissions

02/06/2024, 00:55

240602-a9rnlsdb3s 10

02/06/2024, 00:49

240602-a6d84sch7s 8

General

  • Target: avcd.exe
  • Size: 38KB
  • Sample: 240602-a9rnlsdb3s
  • MD5: 6dd4196d7ea53dd9f6781ae5be59659f
  • SHA1: 695ce263e2a15eb8c599a8c589d87626a7929694
  • SHA256: b9172ae0264dc94d31e3191d9b85ff19e1eaf785eefd189a85a44a529b58e59a
  • SHA512: 547305bfb4eda5d604a6d5b1a13c6c9c62d2ba3693cce53b98fc10dd504e7a4e9b99b47debe6750f3a2a04008cb8f443e16896f873ba0b01385383629f6afcb7
  • SSDEEP: 96:tnIspKBC61+84TyzsrcaUS79RCPYmhF1QVX1sovqV6+Gj2DKYz/NnPjzNt:tnNZ5usoE9RNqyVqVKjhONN

Malware Config

Targets

    • Contains code to disable Windows Defender

      A .NET executable that disables Windows Defender capabilities such as real-time monitoring and block-at-first-sight.

    • Modifies Windows Defender Real-time Protection settings

    • UAC bypass

    • Disables RegEdit via registry modification

    • Disables Task Manager via registry modification

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Executes dropped EXE

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials and similar secrets.

    • Windows security modification

    • Checks whether UAC is enabled

    • Legitimate hosting services abused for malware hosting/C2

MITRE ATT&CK Enterprise v15

Tasks