General
-
Target
708ba5dfec0d2ffe3b68f1dbb16b833d
-
Size
5.7MB
-
Sample
231219-wkxn8abfh4
-
MD5
708ba5dfec0d2ffe3b68f1dbb16b833d
-
SHA1
3a733f6495d95e3c5c512835622108c2ddcdd5a1
-
SHA256
e70b3b8c2a6a2c8c01e2a612f4f842bb6a8781a4fb2ef2e98d87b9fb7ccb3e31
-
SHA512
55782250dcb47f1a302522cd9fc2283100c9668e52e972221c88a326ca50d4ea66a1ea1da9606dd76ba188edb3a0b2c5eeae9b9b5dfbdc0fcc677c6921372080
-
SSDEEP
49152:67N1ahCE0V7N1ahCt0V7N1ahCf0V7N1ahCc0V7N1ahCY0V7N1ahCV0V7N1ahCH0y:67x7g7i7J7l7I7K7
Malware Config
Targets
-
-
Target
708ba5dfec0d2ffe3b68f1dbb16b833d
-
Size
5.7MB
-
MD5
708ba5dfec0d2ffe3b68f1dbb16b833d
-
SHA1
3a733f6495d95e3c5c512835622108c2ddcdd5a1
-
SHA256
e70b3b8c2a6a2c8c01e2a612f4f842bb6a8781a4fb2ef2e98d87b9fb7ccb3e31
-
SHA512
55782250dcb47f1a302522cd9fc2283100c9668e52e972221c88a326ca50d4ea66a1ea1da9606dd76ba188edb3a0b2c5eeae9b9b5dfbdc0fcc677c6921372080
-
SSDEEP
49152:67N1ahCE0V7N1ahCt0V7N1ahCf0V7N1ahCc0V7N1ahCY0V7N1ahCV0V7N1ahCH0y:67x7g7i7J7l7I7K7
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-