a5eeb19229943a0e73cc6025f8322b589da7b4599964f1adbfd2276154fcc69d

Sharing

Copy URL Twitter E-mail

General

Target

AviraSupportCollector.exe
Size

56.6MB
Sample

250510-g9pmkswny6
MD5

65d03d7603e175105e3b5038026b3de6
SHA1

105aa64f53e35cc506d100583f0f5bbfa40f6f35
SHA256

a5eeb19229943a0e73cc6025f8322b589da7b4599964f1adbfd2276154fcc69d
SHA512

f0151aea8854e1644ec44d1983dcaf5eb2230de3e9afdbdbb3f7eab61c1b539be8925c0ca9ed2b96d76265736d3828a852c44c9410bafe59bbcd600a6cab36e0
SSDEEP

1572864:BnTRwtMRA8EdtKsUx5b67W4g0DiJxQv2jI1vz3t/qhVEw7Y:BdwtM2lssUx5bLuDiJbjI1DtEs

Score

5^/10

discovery execution

Malware Config

Targets

- Target
  
  AviraSupportCollector.exe
- Size
  
  56.6MB
- MD5
  
  65d03d7603e175105e3b5038026b3de6
- SHA1
  
  105aa64f53e35cc506d100583f0f5bbfa40f6f35
- SHA256
  
  a5eeb19229943a0e73cc6025f8322b589da7b4599964f1adbfd2276154fcc69d
- SHA512
  
  f0151aea8854e1644ec44d1983dcaf5eb2230de3e9afdbdbb3f7eab61c1b539be8925c0ca9ed2b96d76265736d3828a852c44c9410bafe59bbcd600a6cab36e0
- SSDEEP
  
  1572864:BnTRwtMRA8EdtKsUx5b67W4g0DiJxQv2jI1vz3t/qhVEw7Y:BdwtM2lssUx5bLuDiJbjI1DtEs
Score

5^/10

discovery
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral1 behavioral2
- Target
  
  $PLUGINSDIR/SpiderBanner.dll
- Size
  
  9KB
- MD5
  
  17309e33b596ba3a5693b4d3e85cf8d7
- SHA1
  
  7d361836cf53df42021c7f2b148aec9458818c01
- SHA256
  
  996a259e53ca18b89ec36d038c40148957c978c0fd600a268497d4c92f882a93
- SHA512
  
  1abac3ce4f2d5e4a635162e16cf9125e059ba1539f70086c2d71cd00d41a6e2a54d468e6f37792e55a822d7082fb388b8dfecc79b59226bbb047b7d28d44d298
- SSDEEP
  
  192:5lkE3uqRI1y7/xcfK4PRef6gQzJyY1rpKlVrw:5lkMBI1y7UKcef6XzJrpKY
Score

3^/10

discovery
behavioral3 behavioral4
- Target
  
  $PLUGINSDIR/StdUtils.dll
- Size
  
  100KB
- MD5
  
  c6a6e03f77c313b267498515488c5740
- SHA1
  
  3d49fc2784b9450962ed6b82b46e9c3c957d7c15
- SHA256
  
  b72e9013a6204e9f01076dc38dabbf30870d44dfc66962adbf73619d4331601e
- SHA512
  
  9870c5879f7b72836805088079ad5bbafcb59fc3d9127f2160d4ec3d6e88d3cc8ebe5a9f5d20a4720fe6407c1336ef10f33b2b9621bc587e930d4cbacf337803
- SSDEEP
  
  3072:WNuZmJ9TDP3ahD2TF7Rq9cJNPhF9vyHf:WNuZ81zaAFHhF9v
Score

3^/10

discovery
behavioral5 behavioral6
- Target
  
  $PLUGINSDIR/System.dll
- Size
  
  12KB
- MD5
  
  0d7ad4f45dc6f5aa87f606d0331c6901
- SHA1
  
  48df0911f0484cbe2a8cdd5362140b63c41ee457
- SHA256
  
  3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
- SHA512
  
  c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
- SSDEEP
  
  192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6
Score

3^/10

discovery
behavioral7 behavioral8
- Target
  
  $PLUGINSDIR/WinShell.dll
- Size
  
  3KB
- MD5
  
  1cc7c37b7e0c8cd8bf04b6cc283e1e56
- SHA1
  
  0b9519763be6625bd5abce175dcc59c96d100d4c
- SHA256
  
  9be85b986ea66a6997dde658abe82b3147ed2a1a3dcb784bb5176f41d22815a6
- SHA512
  
  7acf7f8e68aa6066b59ca9f2ae2e67997e6b347bc08eb788d2a119b3295c844b5b9606757168e8d2fbd61c2cda367bf80e9e48c9a52c28d5a7a00464bfd2048f
Score

3^/10

discovery
behavioral10 behavioral9
- Target
  
  Avira Support Collector.exe
- Size
  
  121.5MB
- MD5
  
  09de047a168c77a5e8f9c6d8766a8363
- SHA1
  
  5e7e429d24204c572ba470b0c3ea8691a147bb9c
- SHA256
  
  799d9e0a0d7074feaf38e30b341984178b7acb4d352941a3c697183b39bccde9
- SHA512
  
  ea1305a00ebdc0ad0132c246eaf48d0f87da39e5a10a422cf16b62ad64a41772c486af7913648c94c172120a376a5660bee0211178d9de0201b8d3b2ae1b11a7
- SSDEEP
  
  1572864:lkNdDpZowWnNnRxOnEWJ/QoBdVliqy9dqc:sppVBd3iL9sc
Score

5^/10
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
behavioral11 behavioral12
- Target
  
  LICENSES.chromium.html
- Size
  
  4.5MB
- MD5
  
  d4a79b5d46f0931b9eb7125fd40baff0
- SHA1
  
  3a38fb263dde2251b9fe157b5fddec7acb07c53e
- SHA256
  
  03f1d245e6a2facca9edbdaad108169e0765dd9101875bc2d123797994b9e80f
- SHA512
  
  17cf94805f11d499ff12d8e42cb262ceecbeb265f56338e0837d291f6a7ed7f8135a025dbe99fdb2e2bb299f2267bed9365976ea51269aafd4c3220cffef9339
- SSDEEP
  
  24576:thgBBmnLiLArZ62BrcrnKHq/kUkBAwi9QxruE:rYBmLAehN6KK+xV
Score

4^/10

discovery
behavioral13 behavioral14
- Target
  
  d3dcompiler_47.dll
- Size
  
  4.3MB
- MD5
  
  7641e39b7da4077084d2afe7c31032e0
- SHA1
  
  2256644f69435ff2fee76deb04d918083960d1eb
- SHA256
  
  44422e6936dc72b7ac5ed16bb8bcae164b7554513e52efb66a3e942cec328a47
- SHA512
  
  8010e1cb17fa18bbf72d8344e1d63ded7cef7be6e7c13434fa6d8e22ce1d58a4d426959bdcb031502d4b145e29cb111af929fcbc66001111fbc6d7a19e8800a5
- SSDEEP
  
  49152:aYlc/220PPiMLKam+VMrLi21f4i3jn5ZO3XUDmOZQwVd2uQpN3WsGVUWd55i/jrs:a6KD2Mrdaix4NQnLt
Score

1^/10
behavioral15
- Target
  
  ffmpeg.dll
- Size
  
  2.7MB
- MD5
  
  2dce038d4e112d925626ea4890d9ddd0
- SHA1
  
  66ddd0579ac211d2bff1516b8dc2deb339d24c8b
- SHA256
  
  0046e572a45bd6ac0e1e13427661be4a273d4cdc48d4a6cd07fed79a9bf1fe0b
- SHA512
  
  aed60d1dfb4fb0fa67148d6c4bbab77d6bb6af426148a3c250675c4d8f988ba4d2a527d72c4b861de5f3240703ad8b4003f40145a64008f1a91f3eb05d815147
- SSDEEP
  
  49152:1ISWBURglcWlJUQSyPV3cZ8RxDZa+DmXfUStDw/JcImohiiMoFwEgz:1PnvdZoJpMoQ
Score

1^/10
behavioral16 behavioral17
- Target
  
  libEGL.dll
- Size
  
  438KB
- MD5
  
  c4727bb1405881d77bdaddedbb731e97
- SHA1
  
  1f518c8d5db60a38b205069de7f7c1a485277771
- SHA256
  
  d1fba4dc446905d3c33e4f96e2d0604872294825bdefd5b8d558a095555aa89c
- SHA512
  
  9ec08f538522e7bd8affa590ac9f77ba4cda5a8fea5c43000bad0ec1b463e661146c4c132b8a80a621706a7aac5c1a7f60e4587846f899c1c86450862dc8dd80
- SSDEEP
  
  6144:O9h+56bG/eyllh9g1Kajo9wEVzZJAWpf4uBL75+Hjr:O9Jbwla1KoAwqf4W4v
Score

1^/10
behavioral18 behavioral19
- Target
  
  libGLESv2.dll
- Size
  
  7.3MB
- MD5
  
  d58ea47b2578577d4b3e9e597ce59881
- SHA1
  
  f79bac8b9024f6fe2ef810cb8401d09bc5351951
- SHA256
  
  0f5325175f7bd47141256aa6a53cdaeac8d852e178c8428570ac3ac224189757
- SHA512
  
  143f509cd53db6248c6c553263c4d999225d5b8065c8215b2a05ef6f584e26b87ce2d598efee4486d3baef397ee654bc20da12267533e655c2e397502d5b95ff
- SSDEEP
  
  98304:vYc8QdV7dHXILpSQplLHGOncu9jc18kAY:vYc8GV7dSrFncQc19P
Score

1^/10
behavioral20 behavioral21
- Target
  
  resources/app.asar
- Size
  
  4.1MB
- MD5
  
  79c0faf029edbf64df4314fed987dcf0
- SHA1
  
  3e504f5ac0103ae28c362ac53e55d1a8f5e20c4f
- SHA256
  
  e525a80704b9c818e856322431eddb94952803965a13cc29a621c8e769ebdd3b
- SHA512
  
  dcca30699efea7f53ab1c7bac239f3742548d09a81b310b9587c24857f988dba22c562d7b8241af3bc08b6ba59a4ed3680c709858015ee01beec9d2da43533ac
- SSDEEP
  
  49152:/dQAEhkmnLOttHxpPNqHtu5cTegVos81DK:VKbKttKEjDK
Score

3^/10

execution
behavioral22 behavioral23
- Target
  
  resources/elevate.exe
- Size
  
  105KB
- MD5
  
  792b92c8ad13c46f27c7ced0810694df
- SHA1
  
  d8d449b92de20a57df722df46435ba4553ecc802
- SHA256
  
  9b1fbf0c11c520ae714af8aa9af12cfd48503eedecd7398d8992ee94d1b4dc37
- SHA512
  
  6c247254dc18ed81213a978cce2e321d6692848c64307097d2c43432a42f4f4f6d3cf22fb92610dfa8b7b16a5f1d94e9017cf64f88f2d08e79c0fe71a9121e40
- SSDEEP
  
  3072:1bLnrwQoRDtdMMgSXiFJWcIgUVCfRjV/GrWl:1PrwRhte1XsE1l
Score

3^/10

discovery
behavioral24 behavioral25
- Target
  
  swiftshader/libEGL.dll
- Size
  
  460KB
- MD5
  
  3fa9bf61dcb9ed1ae7dc7aec7801dbd8
- SHA1
  
  06cd2553159c5df2f221f7bce98b82bae5e5794e
- SHA256
  
  2c47305af92ddcafed008b1e678f2eb45fca5fc7e67cced88883374809f1779d
- SHA512
  
  272f78f4d722fee1a1e50fac4e6138a035ee9aa620b6f25c257dc0cd687f85e54b5c427b22b92d2c8ae2b6497a760905e86f255e013396f48c62ac06c8f4d2b8
- SSDEEP
  
  6144:UljnvKkgWLOf4qw66is0YtuoCjUnPt5WpbOvcbufRnVjC4mz4sky:UnzgWLOQqD6iATYbObfIvky
Score

1^/10
behavioral26 behavioral27
- Target
  
  swiftshader/libGLESv2.dll
- Size
  
  3.1MB
- MD5
  
  fc1ac4b74fa4578b2b0cd67a973a1df7
- SHA1
  
  2d838ff235bbfac292f52e2efdf3649a76627756
- SHA256
  
  0a1562fa1a14b37cfe50f32ab8a9e8af4bfac64cfb141bac59c95ea3e7f5b886
- SHA512
  
  05afead5fb48262ec3fb7f9cc2a08da422e78c59134dd4c23e8cc8a69529452ce8ab067343e7c6d33a4c5af6904f9cf3b4017906a530b600e1b724396a1b73b0
- SSDEEP
  
  49152:yFE2SqB1Ip0Ak1DWFZ1zyQF+sANuFQ+3ELK/QdYLBYXLkk9/kBOwfoUBYXD5vWqu:dQEZB/SK/QK5PXgw5O1
Score

1^/10
behavioral28 behavioral29
- Target
  
  vk_swiftshader.dll
- Size
  
  4.3MB
- MD5
  
  c7e0e007f3a5cccdc2aac8cfb6fcac66
- SHA1
  
  8e11a2487389400fa7dd1748b2505c298176f7a6
- SHA256
  
  9c517e77cf9fd513c5b263bd60be48b8829bab0349abda5d1c44bdb470c971cf
- SHA512
  
  0276b6d0dfa85c4301a294ac253675451b330923f9bdc6f8d23af52b0a3fe5fd631e6b720901848195cd211704f701ce42a4caf65bf41a830ce9a9a6716266b3
- SSDEEP
  
  49152:OR4+5d8q8C/l80az6722j5V7IqD0o/1aZ/MMN5xSvEftz4VbHX5C+cn4br4nhXsQ:wDTvEF89HPoptTgY+XB
Score

1^/10
behavioral30 behavioral31
- Target
  
  vulkan-1.dll
- Size
  
  715KB
- MD5
  
  a66dc4cf5f5a9661815bb8575fd64dbd
- SHA1
  
  424ea8b039e54e166e60e8061e29128b57d11b0a
- SHA256
  
  4d7357c995cb826c23daaddf063a10884788865b4320522177f0426e34113785
- SHA512
  
  d5055b275226c9ba7f70c8f3663ec93c298d47cd7731314a956d37c7fd36ec2a4df0683674c1ff77b4052ec0b5a7434c1e8237d648f7c68235d305785ea2d10d
- SSDEEP
  
  12288:tDSRRxZS8ZkDVQ0FQNNTlSdBHxEXdgzXoRoIjspf:tDSZZSe2Q0FOTleadgL42f
Score

1^/10
behavioral32

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Targets

Checks computer location settings

Checks computer location settings

MITRE ATT&CK Enterprise v16

Tasks

static1

behavioral1

behavioral2

behavioral3

behavioral4

behavioral5

behavioral6

behavioral7

behavioral8

behavioral9

behavioral10

behavioral11

behavioral12

behavioral13

behavioral14

behavioral15

behavioral16

behavioral17

behavioral18

behavioral19

behavioral20

behavioral21

behavioral22

behavioral23

behavioral24

behavioral25

behavioral26

behavioral27

behavioral28

behavioral29

behavioral30

behavioral31

behavioral32