General
-
Target
49f90a106b32fddd4d44bb908f3fe2a3
-
Size
3.4MB
-
Sample
240107-2p9r8sggf4
-
MD5
49f90a106b32fddd4d44bb908f3fe2a3
-
SHA1
fb28b0de50455201c894a9cdd154aff79e6e6bbd
-
SHA256
e148ad4f83c224428482a1b911fc70f13e12c1940f9578b7b390ba6158985cae
-
SHA512
681a782a28b985b792eb212a897e16402bcb5f8f50ba22f327feeccb862ae823fd6acf97227fbb70f8ec5668bc8085987b201e4f90af3d18a2755b0ceb7e1197
-
SSDEEP
49152:67N1ahCT0V7N1ahCx0V7N1ahCT0V7N1ahCc0V7N1ahCH:67G7k7G7J7H
Malware Config
Targets
-
-
Target
49f90a106b32fddd4d44bb908f3fe2a3
-
Size
3.4MB
-
MD5
49f90a106b32fddd4d44bb908f3fe2a3
-
SHA1
fb28b0de50455201c894a9cdd154aff79e6e6bbd
-
SHA256
e148ad4f83c224428482a1b911fc70f13e12c1940f9578b7b390ba6158985cae
-
SHA512
681a782a28b985b792eb212a897e16402bcb5f8f50ba22f327feeccb862ae823fd6acf97227fbb70f8ec5668bc8085987b201e4f90af3d18a2755b0ceb7e1197
-
SSDEEP
49152:67N1ahCT0V7N1ahCx0V7N1ahCT0V7N1ahCc0V7N1ahCH:67G7k7G7J7H
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-