General
Target: e1c58de6d946a2d73b9906c3b3332986
Size: 10.7MB
Sample: 231220-tjgkhahef9
MD5: e1c58de6d946a2d73b9906c3b3332986
SHA1: 2df1005b7fe3f282e36c6edf8d9c5644846fda0a
SHA256: 06cccb9e6c900be5e08b67a4216657210eec19037e8369957bfc9ff0ccd6ed8d
SHA512: 04cdcf8910a9b040d9d8ba660eac83d0cdb964f5ca37991bce51987b53cfb7ef309f244c6442c99d9b17ea342cdf4fa16bcbf2763761310d053db3d1415b8b3e
SSDEEP: 98304:6757h7W7s7N7p7i7j7q7z7U7g7M7A7u7F:QFN8SJVYXgHaGymUF
Behavioral task: behavioral1
Sample: e1c58de6d946a2d73b9906c3b3332986.exe
Resource: win7-20231215-en
Behavioral task: behavioral2
Sample: e1c58de6d946a2d73b9906c3b3332986.exe
Resource: win10v2004-20231215-en
Malware Config
Targets
Target: e1c58de6d946a2d73b9906c3b3332986
Score: 10/10
- Sets file execution options in registry
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in System32 directory