Overview

overview

10

Static

static

3

av_downloader1.1.exe

windows7-x64

10

av_downloader1.1.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    av_downloader1.1.exe

  • Size

    88KB

  • Sample

    241017-wsy71s1dnp

  • MD5

    759f5a6e3daa4972d43bd4a5edbdeb11

  • SHA1

    36f2ac66b894e4a695f983f3214aace56ffbe2ba

  • SHA256

    2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d

  • SHA512

    f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

  • SSDEEP

    1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf+xB4O5:fq6+ouCpk2mpcWJ0r+QNTBf+LV

Score
10/10
defense_evasiondiscoveryevasionexecutionprivilege_escalationtrojan

Malware Config

Targets

    • Target

      av_downloader1.1.exe

    • Size

      88KB

    • MD5

      759f5a6e3daa4972d43bd4a5edbdeb11

    • SHA1

      36f2ac66b894e4a695f983f3214aace56ffbe2ba

    • SHA256

      2031202030b1581acb6694f7ba528431a5015c7c37a4c6bcc0e1afdbca6f120d

    • SHA512

      f97c793e1489e09dc6867bc9fb8a8e6073e08e1019b7a6fd57efdb31099047fcef9bc7bc3a8194742d7998f075c50e5d71670711bf077da1ac801aab7d19b385

    • SSDEEP

      1536:D7fPGykbOqjoHm4pICdfkLtAfupcWX50MxFY+yIOlnToIf+xB4O5:fq6+ouCpk2mpcWJ0r+QNTBf+LV

    Score
    10/10
    defense_evasiondiscoveryevasionexecutionprivilege_escalationtrojan

    • UAC bypass

      evasiontrojan

    • Blocklisted process makes network request

    • Command and Scripting Interpreter: PowerShell

      Powershell Invoke Web Request.

      execution

    • Sets file to hidden

      Modifies file attributes to stop it showing in Explorer etc.

      evasion

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

1
T1059

PowerShell

1
T1059.001

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Persistence

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Privilege Escalation

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Access Token Manipulation

1
T1134

Create Process with Token

1
T1134.002

Scheduled Task/Job

1
T1053

Scheduled Task

1
T1053.005

Defense Evasion

Abuse Elevation Control Mechanism

1
T1548

Bypass User Account Control

1
T1548.002

Access Token Manipulation

1
T1134

Create Process with Token

1
T1134.002

Hide Artifacts

2
T1564

Hidden Files and Directories

2
T1564.001

Impair Defenses

1
T1562

Disable or Modify Tools

1
T1562.001

Modify Registry

2
T1112

Credential Access

Discovery

Browser Information Discovery

1
T1217

Query Registry

3
T1012

System Information Discovery

3
T1082

System Location Discovery

1
T1614

System Language Discovery

1
T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks