General

  • Target

    avgclear.exe

  • Size

    13.8MB

  • Sample

    240615-y2nhzsshrd

  • MD5

    ca754a269f98315f42a827c4477962df

  • SHA1

    02060ab941a635d7ce228f41657e6a308dee0825

  • SHA256

    4555c33639598bc76b74b735a19b362d462f5a5928018e53005d6075a051de0a

  • SHA512

    2c58a97cd9560f857635969af79dd649c9e42830def63bc72c72fd94c8bd498de1d50ae2c735feb346de4c578cf0bad6a4c728b88212a7eddd934be0d5ba3c9b

  • SSDEEP

    393216:PP0K5chec2c1keb7BQf1Egvh7ruG/LXLBfoKyI7Rzv:X02ccXcrgxBXLBlyuVv

Score
9/10

Malware Config

Targets

    • Target

      avgclear.exe

    • Size

      13.8MB

    • MD5

      ca754a269f98315f42a827c4477962df

    • SHA1

      02060ab941a635d7ce228f41657e6a308dee0825

    • SHA256

      4555c33639598bc76b74b735a19b362d462f5a5928018e53005d6075a051de0a

    • SHA512

      2c58a97cd9560f857635969af79dd649c9e42830def63bc72c72fd94c8bd498de1d50ae2c735feb346de4c578cf0bad6a4c728b88212a7eddd934be0d5ba3c9b

    • SSDEEP

      393216:PP0K5chec2c1keb7BQf1Egvh7ruG/LXLBfoKyI7Rzv:X02ccXcrgxBXLBlyuVv

    Score
    9/10
    • Modifies boot configuration data using bcdedit

    • Adds Run key to start application

    • Checks for any installed AV software in registry

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.

MITRE ATT&CK Matrix ATT&CK v13

Persistence

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

1
T1547

Registry Run Keys / Startup Folder

1
T1547.001

Defense Evasion

Modify Registry

1
T1112

Pre-OS Boot

1
T1542

Bootkit

1
T1542.003

Discovery

Software Discovery

1
T1518

Security Software Discovery

1
T1518.001

Query Registry

1
T1012

System Information Discovery

1
T1082

Tasks