General

  • Target

    0fabb0e97c85da5b50db6b60cfd829af37ea32123314aea18dbb6d1a6b9d1346

  • Size

    812KB

  • Sample

    201108-2nsrs957ke

  • MD5

    e52d504a4553daa91f238e8b5bc1b505

  • SHA1

    e369974decd386dfcf722ba5864eb1a371c066a7

  • SHA256

    0fabb0e97c85da5b50db6b60cfd829af37ea32123314aea18dbb6d1a6b9d1346

  • SHA512

    e89cb94cd981261550557b8cc000d17e8d25f569659dc7e22b1f75fe8ec4020a2880b8c6c05c1035f01e2b63e463efad16b7cac63ea77d079e5b03547e5f3c54

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v6)

  • Persistence

    Registry Run Keys / Startup Folder (T1060): 1

  • Defense Evasion

    Modify Registry (T1112): 1