Overview

overview

10

Static

static

10

31fa81daa1...63.exe

windows7_x64

10

31fa81daa1...63.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    31fa81daa1d8dc133124acf9baa3a050b45de3cf7275a69ee45991f8a7156963

  • Size

    711KB

  • Sample

    210509-971nkqg3w2

  • MD5

    1ab4bbe6a1211767ac21f69a8d6e5350

  • SHA1

    90136c93eb4b03159f72607736fc961e1acd1bb8

  • SHA256

    31fa81daa1d8dc133124acf9baa3a050b45de3cf7275a69ee45991f8a7156963

  • SHA512

    fe1618eb809cf99979aebd619681d7d78dd454cd871b606bb4439694cba580f94844000c91b73d74086b6249a6dc5bf9d6fa6a0f6954fd163afd4ab751f33769

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      31fa81daa1d8dc133124acf9baa3a050b45de3cf7275a69ee45991f8a7156963

    • Size

      711KB

    • MD5

      1ab4bbe6a1211767ac21f69a8d6e5350

    • SHA1

      90136c93eb4b03159f72607736fc961e1acd1bb8

    • SHA256

      31fa81daa1d8dc133124acf9baa3a050b45de3cf7275a69ee45991f8a7156963

    • SHA512

      fe1618eb809cf99979aebd619681d7d78dd454cd871b606bb4439694cba580f94844000c91b73d74086b6249a6dc5bf9d6fa6a0f6954fd163afd4ab751f33769

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks