Overview

overview

10

Static

static

10

111b46d4fc...06.exe

windows7-x64

10

111b46d4fc...06.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    111b46d4fc132380c3c319891a0e4606

  • Size

    2.8MB

  • Sample

    231219-nagagsabfr

  • MD5

    111b46d4fc132380c3c319891a0e4606

  • SHA1

    2e1bef7b9291746d4e6d28fbea602a56bffb4fc8

  • SHA256

    4715b2c61480e97c6f6c4871018e26e17ff7dfacd59d5b3e77b1510893accc47

  • SHA512

    da69fe6cadb86c0a045e80679eb94bcb2f30d6079a900c271666dca2b8b232299f2f21232a735ef5e90d9bdf53c5547eeca1fcd6d65ba29467c4bde88c864e8d

  • SSDEEP

    49152:67N1ahCv0V7N1ahCi0V7N1ahCi0V7N1ahCTs:67y7P7P7I

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      111b46d4fc132380c3c319891a0e4606

    • Size

      2.8MB

    • MD5

      111b46d4fc132380c3c319891a0e4606

    • SHA1

      2e1bef7b9291746d4e6d28fbea602a56bffb4fc8

    • SHA256

      4715b2c61480e97c6f6c4871018e26e17ff7dfacd59d5b3e77b1510893accc47

    • SHA512

      da69fe6cadb86c0a045e80679eb94bcb2f30d6079a900c271666dca2b8b232299f2f21232a735ef5e90d9bdf53c5547eeca1fcd6d65ba29467c4bde88c864e8d

    • SSDEEP

      49152:67N1ahCv0V7N1ahCi0V7N1ahCi0V7N1ahCTs:67y7P7P7I

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks