The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable
Common Information

Type | Value
UUID | 9a4736bc-9b92-4a38-a766-dc44a343bcce
Fingerprint | 2c01097b2db396c8
Analysis status | DONE
Considered CTI value | 2
Text language |
Published | April 9, 2020, 3:07 p.m.
Added to db | Sept. 26, 2022, 9:31 a.m.
Last updated | Nov. 17, 2024, 6:53 p.m.
Headline | The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable
Title | The Avast Abuser: Metamorfo Banking Malware Hides By Abusing Avast Executable
Detected Hints/Tags/Attributes | 59/3/67
Attributes

Type | #Events | Value
Domain | 1 | ensilo.com
Domain | 13 | s3-eu-west-1.amazonaws.com
Domain | 260 | helpx.adobe.com
Domain | 1 | adobe.ly
Domain | 80 | www.adobe.com
Domain | 1 | goole.com
Domain | 2 | www.localizaip.com.br
Domain | 1 | x1-lb12.internal.gocache.me
Domain | 219 | gist.github.com
Domain | 1 | mrs04s09-in-f206.1e100.net
Domain | 1 | lhr25s13-in-f78.1e100.net
Domain | 1 | dub08s01-in-f14.1e100.net
Domain | 1 | lhr25s11-in-f46.1e100.net
File | 1 | jesus.exe
File | 54 | dbghelp.dll
File | 1 | ajwrdz.exe
File | 2 | jesus.dmp
File | 16 | wmplayer.exe
File | 2 | ssleay64.dll
File | 26 | ssleay32.dll
File | 1 | borlndmm.dll
File | 35 | libeay32.dll
File | 1 | ajwrdz.dmp
File | 1 | hnr-not03958576535323.msi
File | 2 | vmdetect.exe
File | 5 | image2.png
File | 6 | desktop.txt
File | 409 | c:\windows\system32\cmd.exe
File | 1 | install-updates-reader-acrobat.html
File | 2 | terms.html
File | 1 | avdump32.exe
File | 1 | adwrdz.dmp
File | 1 | mreb.xml
File | 1 | iplocation.php
File | 1 | %appdata%\macromedia\desktop.txt
File | 1 | %appdata%\teamviewer\desktop.txt
File | 1 | %appdata%\dmcache\desktop.txt
File | 1 | %appdata%\anydesk\desktop.txt
Github username | 1 | chenerlich
Url | 1 | https://s3-eu-west-1.amazonaws.com/{random}/image2.png
Url | 1 | https://helpx.adobe.com/br/acrobat/kb/install-updates-reader-acrobat.html
Url | 1 | https://adobe.ly/2ry5gjr
Url | 1 | https://www.adobe.com/br/legal/terms.html
Url | 2 | https://www.localizaip.com.br/api/iplocation.php
Url | 1 | https://x1-lb12.internal.gocache.me
Url | 1 | https://gist.github.com/chenerlich/4e7a22a6263383a4ce3810082a8ac991
Url | 1 | https://gist.github.com/chenerlich/0095444e60ae4d04ab75721dec522287
Url | 2 | https://s3-eu-west-1.amazonaws.com/disenyrt3/image2.png
Url | 2 | https://s3-eu-west-1.amazonaws.com/sharknadorki/image2.png
Url | 2 | https://s3-eu-west-1.amazonaws.com/jasonrwk5wg/image2.png
Url | 1 | https://s3-eu-west-1.amazonaws.com/frezaaaewrwty/image2.png
Url | 1 | https://s3-eu-west-1.amazonaws.com/cadeaadl54t4gw4/image2.png
Url | 1 | https://s3-eu-west-1.amazonaws.com/jooosan/image2.png
Url | 1 | https://s3-eu-west-1.amazonaws.com/shhakkr/image2.png
Windows Registry Key | 112 | HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Windows Registry Key | 1 | HKCU\Software\index