Overview

overview

10

Static

static

f9a0f4ae0d...12.exe

windows7_x64

10

f9a0f4ae0d...12.exe

windows10_x64

10

Resubmissions

10-11-2020 09:13

201110-bm2ezhvdfx 6

08-11-2020 18:23

201108-cm8vq2t2w2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f9a0f4ae0ddb62a451a82bf20d2937ee21c1742a9fac9533af0d99d2ef738212

  • Size

    711KB

  • Sample

    201108-cm8vq2t2w2

  • MD5

    8e2c6c754a1bafc7066a0769d0e56cc3

  • SHA1

    c36a21a93703a0f2dfb31db1c375b843531ae278

  • SHA256

    f9a0f4ae0ddb62a451a82bf20d2937ee21c1742a9fac9533af0d99d2ef738212

  • SHA512

    0a6028b2982ce8e15dcb7a4491bc7b9f8db88171082ccc6afaa244f7e591ad3b341f93488574ac0ae82a74fae7cda0f2f842d0c87d7a4633c3ef1535f0a1ecdc

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      f9a0f4ae0ddb62a451a82bf20d2937ee21c1742a9fac9533af0d99d2ef738212

    • Size

      711KB

    • MD5

      8e2c6c754a1bafc7066a0769d0e56cc3

    • SHA1

      c36a21a93703a0f2dfb31db1c375b843531ae278

    • SHA256

      f9a0f4ae0ddb62a451a82bf20d2937ee21c1742a9fac9533af0d99d2ef738212

    • SHA512

      0a6028b2982ce8e15dcb7a4491bc7b9f8db88171082ccc6afaa244f7e591ad3b341f93488574ac0ae82a74fae7cda0f2f842d0c87d7a4633c3ef1535f0a1ecdc

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks