General
-
Target
1255bd5c3d2bfea5e6c9e3396f2ea677
-
Size
1.4MB
-
Sample
231219-neebpaahak
-
MD5
1255bd5c3d2bfea5e6c9e3396f2ea677
-
SHA1
b6e0eb24437baf5ea87d57a8fb73a47cd321482c
-
SHA256
c3aee7534aefcf6c781c7faea34c6666d9c67deb7565ecf3e8f76b821e5174c4
-
SHA512
19e94d1055e34eda89359ee63a7635f316832953d57cdfe2912208183eec4a8263793bdad08ca5c45a7709c237b76e69cd6b2fcc1cdce4fdf406da2b19751ae3
-
SSDEEP
24576:n67MnVnpA1lmTx8MmA07AaSuDSwdKE6EhDK67MnVnpA1lmTx8MmA07AaSuDSwdIy:67N1ahCK0V7N1ahCQ0
Behavioral task
behavioral1
Sample
1255bd5c3d2bfea5e6c9e3396f2ea677.exe
Resource
win7-20231215-en
Behavioral task
behavioral2
Sample
1255bd5c3d2bfea5e6c9e3396f2ea677.exe
Resource
win10v2004-20231215-en
Malware Config
Targets
Target
1255bd5c3d2bfea5e6c9e3396f2ea677
-
Score
10/10
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-