Overview

overview

10

Static

static

10

0671dd40ff...cd.exe

windows7-x64

10

0671dd40ff...cd.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    0671dd40ff23a92f30cdb966372e6bcd

  • Size

    2.8MB

  • Sample

    231219-mjhdgabhen

  • MD5

    0671dd40ff23a92f30cdb966372e6bcd

  • SHA1

    d75791cb8592954d5dd63eedd068b37cf74afbad

  • SHA256

    316edce38f325753dbea48fd8d2fbc3c8e58018b9d100c6b2c29983aa10c2a12

  • SHA512

    b993eeeea816419a8dcab73cdd4341a5bc773be22c8d0325dc17e9d774b6e35d91a98da2d7be231e1dfc7b23fd3eb9dbf4109a415bdcc913991a56e9bc8e234f

  • SSDEEP

    49152:67N1ahCd0V7N1ahCS0V7N1ahCo0V7N1ahCj0:67Q7/717

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      0671dd40ff23a92f30cdb966372e6bcd

    • Size

      2.8MB

    • MD5

      0671dd40ff23a92f30cdb966372e6bcd

    • SHA1

      d75791cb8592954d5dd63eedd068b37cf74afbad

    • SHA256

      316edce38f325753dbea48fd8d2fbc3c8e58018b9d100c6b2c29983aa10c2a12

    • SHA512

      b993eeeea816419a8dcab73cdd4341a5bc773be22c8d0325dc17e9d774b6e35d91a98da2d7be231e1dfc7b23fd3eb9dbf4109a415bdcc913991a56e9bc8e234f

    • SSDEEP

      49152:67N1ahCd0V7N1ahCS0V7N1ahCo0V7N1ahCj0:67Q7/717

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks