General
-
Target
4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
-
Size
724KB
-
Sample
220703-vbe75shbdn
-
MD5
3b56cc7c5801f442f7542e7c57382adc
-
SHA1
9d669a1c0f33bdba79e21ac520df1168e10e9eda
-
SHA256
4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
-
SHA512
388bdde4ed675e55181603a47ee161e20cd33b9e507f101cf0a0d19a6a8f8f1d9d61e221e650fe748af483e465ebfcae4534282428be074e68e5d2bc90d3890c
Malware Config
Targets
-
-
Target
4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
-
Size
724KB
-
MD5
3b56cc7c5801f442f7542e7c57382adc
-
SHA1
9d669a1c0f33bdba79e21ac520df1168e10e9eda
-
SHA256
4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
-
SHA512
388bdde4ed675e55181603a47ee161e20cd33b9e507f101cf0a0d19a6a8f8f1d9d61e221e650fe748af483e465ebfcae4534282428be074e68e5d2bc90d3890c
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Executes dropped EXE
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-