Overview

overview

10

Static

static

10

492ebbcaf4...7b.exe

windows7-x64

10

492ebbcaf4...7b.exe

windows10-2004-x64

1

Sharing

Copy URL
Twitter E-mail

General

  • Target

    492ebbcaf468a4099e32a44ce2d4d27b

  • Size

    724KB

  • Sample

    240107-rf9e1ahhc6

  • MD5

    492ebbcaf468a4099e32a44ce2d4d27b

  • SHA1

    5c04a386759855e86836d368b2750695e61553cf

  • SHA256

    55b040754a17d7dc281e27445acef923e0d3bca085b9eac9f150fdfe5f5a4921

  • SHA512

    38c436c1030671b6051c6d82f1d129e5b51d4e8903be6b594f6f47bbc1b7e47a82273849bc76fa282c24f5e4eabad0f28f4d0e9db2e8f328d497641d16b90928

  • SSDEEP

    12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dNN5X+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdlE6o

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      492ebbcaf468a4099e32a44ce2d4d27b

    • Size

      724KB

    • MD5

      492ebbcaf468a4099e32a44ce2d4d27b

    • SHA1

      5c04a386759855e86836d368b2750695e61553cf

    • SHA256

      55b040754a17d7dc281e27445acef923e0d3bca085b9eac9f150fdfe5f5a4921

    • SHA512

      38c436c1030671b6051c6d82f1d129e5b51d4e8903be6b594f6f47bbc1b7e47a82273849bc76fa282c24f5e4eabad0f28f4d0e9db2e8f328d497641d16b90928

    • SSDEEP

      12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dNN5X+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdlE6o

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks