General

Target: avcd.exe
Size: 38KB
Sample: 240602-a9rnlsdb3s
MD5: 6dd4196d7ea53dd9f6781ae5be59659f
SHA1: 695ce263e2a15eb8c599a8c589d87626a7929694
SHA256: b9172ae0264dc94d31e3191d9b85ff19e1eaf785eefd189a85a44a529b58e59a
SHA512: 547305bfb4eda5d604a6d5b1a13c6c9c62d2ba3693cce53b98fc10dd504e7a4e9b99b47debe6750f3a2a04008cb8f443e16896f873ba0b01385383629f6afcb7
SSDEEP: 96:tnIspKBC61+84TyzsrcaUS79RCPYmhF1QVX1sovqV6+Gj2DKYz/NnPjzNt:tnNZ5usoE9RNqyVqVKjhONN

Static task: static1
Behavioral task: behavioral1
Sample: avcd.exe
Resource: win7-20231129-en

Malware Config

Targets

Target: avcd.exe
Size: 38KB
MD5: 6dd4196d7ea53dd9f6781ae5be59659f
SHA1: 695ce263e2a15eb8c599a8c589d87626a7929694
SHA256: b9172ae0264dc94d31e3191d9b85ff19e1eaf785eefd189a85a44a529b58e59a
SHA512: 547305bfb4eda5d604a6d5b1a13c6c9c62d2ba3693cce53b98fc10dd504e7a4e9b99b47debe6750f3a2a04008cb8f443e16896f873ba0b01385383629f6afcb7
SSDEEP: 96:tnIspKBC61+84TyzsrcaUS79RCPYmhF1QVX1sovqV6+Gj2DKYz/NnPjzNt:tnNZ5usoE9RNqyVqVKjhONN

- Contains code to disable Windows Defender: a .NET executable tasked with disabling Windows Defender capabilities such as real-time monitoring and block-at-first-seen.
- Disables RegEdit via registry modification
- Disables Task Manager via registry modification
- Downloads MZ/PE file
- Checks computer location settings: looks up the country code configured in the registry, likely a geofence.
- Executes dropped EXE
- Legitimate hosting services abused for malware hosting/C2
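The signatures above (Defender tampering, RegEdit and Task Manager lockout, registry-based country lookup) all leave state on the host that an incident responder can check directly. The following is an added example written for this page, not code from the sandbox report or from the sample: a PowerShell triage function that reads the registry locations and Defender preferences these behaviours normally touch, plus a small remediation helper. The exact keys and values the sample writes are not shown in the report; the locations below (the Explorer policy values DisableRegistryTools and DisableTaskMgr, the Windows Defender policy keys, and the GeoID under HKCU:\Control Panel\International\Geo) are my assumptions about the standard mechanisms, and the function names Get-PolicyTamperFindings and Repair-PolicyTamper are mine.

```powershell
# Added example (not from the sandbox report): host-side check for the
# indicators the report's signatures describe. Assumed locations (mine,
# not confirmed by the report): the standard policy values for RegEdit /
# Task Manager lockout, the Defender policy keys, and the GeoID value the
# "Checks computer location settings" signature refers to.

function Get-PolicyTamperFindings {
    $findings = @()

    # 1. RegEdit / Task Manager lockout. Explorer honours these DWORDs under
    #    both the per-user and the machine-wide Policies\System key.
    $policyKeys = @(
        'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
        'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
    )
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($name in 'DisableRegistryTools', 'DisableTaskMgr') {
            $value = $props.$name
            if ($null -ne $value -and $value -ne 0) {
                $findings += [pscustomobject]@{ Indicator = $name; Location = $key; Value = $value }
            }
        }
    }

    # 2. Defender tampering: policy registry values (what a .NET dropper
    #    typically writes) and the live preference object.
    $defPolicy = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender'
    $defChecks = @(
        @{ Path = $defPolicy;                        Name = 'DisableAntiSpyware' },
        @{ Path = "$defPolicy\Real-Time Protection"; Name = 'DisableRealtimeMonitoring' },
        @{ Path = "$defPolicy\Spynet";               Name = 'DisableBlockAtFirstSeen' }
    )
    foreach ($c in $defChecks) {
        if (-not (Test-Path $c.Path)) { continue }
        $v = (Get-ItemProperty -Path $c.Path).($c.Name)
        if ($null -ne $v -and $v -ne 0) {
            $findings += [pscustomobject]@{ Indicator = $c.Name; Location = $c.Path; Value = $v }
        }
    }
    # The Defender module does not exist on Windows 7 (the report's sandbox
    # OS), so tolerate a missing cmdlet.
    $mp = Get-MpPreference -ErrorAction SilentlyContinue
    if ($mp) {
        foreach ($name in 'DisableRealtimeMonitoring', 'DisableBlockAtFirstSeen', 'DisableIOAVProtection') {
            if ($mp.$name) {
                $findings += [pscustomobject]@{ Indicator = $name; Location = 'Get-MpPreference'; Value = $true }
            }
        }
    }

    # 3. Geofence input: the configured GeoID the sample most likely compares
    #    against (assumption; the report only says "country code in the registry").
    $geo = 'HKCU:\Control Panel\International\Geo'
    if (Test-Path $geo) {
        $nation = (Get-ItemProperty -Path $geo).Nation
        $findings += [pscustomobject]@{ Indicator = 'GeoID (Nation)'; Location = $geo; Value = $nation }
    }

    return $findings
}

function Repair-PolicyTamper {
    # Remove the lockout values for the current user and the machine, then
    # re-enable the Defender features. Requires an elevated shell for HKLM
    # and for Set-MpPreference.
    foreach ($key in 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System',
                     'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System') {
        if (Test-Path $key) {
            Remove-ItemProperty -Path $key -Name 'DisableRegistryTools', 'DisableTaskMgr' -ErrorAction SilentlyContinue
        }
    }
    Set-MpPreference -DisableRealtimeMonitoring $false -DisableBlockAtFirstSeen $false -DisableIOAVProtection $false
}

Get-PolicyTamperFindings | Format-Table -AutoSize
```

Run Get-PolicyTamperFindings first and keep its output as evidence before calling Repair-PolicyTamper. A non-zero DisableRegistryTools or DisableTaskMgr is a finding on its own; the GeoID line is reported unconditionally because it is context for the geofence signature, not an indicator. On Windows 10 and later with Tamper Protection enabled, the Defender policy values can be present but ignored, so the Get-MpPreference result is the one that reflects the effective state.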

MITRE ATT&CK Enterprise v15

Privilege Escalation
- Abuse Elevation Control Mechanism (T1548), 1 hit: Bypass User Account Control (T1548.002), 1 hit
- Create or Modify System Process (T1543), 1 hit: Windows Service (T1543.003), 1 hit