Overview

overview

10

Static

static

10

e254d8b9da...19.exe

windows7_x64

10

e254d8b9da...19.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e254d8b9da7bc1c4c28dd5c3cf8d67e7f0766acc8bf8a530133456e4feb37719

  • Size

    812KB

  • Sample

    210511-lzyakx9lbj

  • MD5

    fc5fa81f71eb719531d63ea47a8c1097

  • SHA1

    35735ce7d77e127173c5cd2e7ab26e9897f600c5

  • SHA256

    e254d8b9da7bc1c4c28dd5c3cf8d67e7f0766acc8bf8a530133456e4feb37719

  • SHA512

    c16222bd33eadefb8490803cbdc10126d1e2a00aa78389c4235024e98ca929844755351908559c44c6eb4c509c600d444d415a9d10ff8c3476a697aebd59e111

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      e254d8b9da7bc1c4c28dd5c3cf8d67e7f0766acc8bf8a530133456e4feb37719

    • Size

      812KB

    • MD5

      fc5fa81f71eb719531d63ea47a8c1097

    • SHA1

      35735ce7d77e127173c5cd2e7ab26e9897f600c5

    • SHA256

      e254d8b9da7bc1c4c28dd5c3cf8d67e7f0766acc8bf8a530133456e4feb37719

    • SHA512

      c16222bd33eadefb8490803cbdc10126d1e2a00aa78389c4235024e98ca929844755351908559c44c6eb4c509c600d444d415a9d10ff8c3476a697aebd59e111

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

1
T1060

Privilege Escalation

Defense Evasion

Modify Registry

1
T1112

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks