Overview

overview

10

Static

static

10

4f39df1b1d...73.exe

windows7-x64

10

4f39df1b1d...73.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    4f39df1b1d7dce0952d06f6a93d9e773

  • Size

    4.2MB

  • Sample

    240110-bxcjlabcdn

  • MD5

    4f39df1b1d7dce0952d06f6a93d9e773

  • SHA1

    04a3209811a0af52344150c77762742100855ca3

  • SHA256

    b67cd05dbaa02055a83a2d1e169f1e05bb27bd915336c45f03c7fa9de642441f

  • SHA512

    dec8640187a679e7ae04dfab65a429667bdd9b62670c223e05e1dfd7e3aaad5fc5d0add443ea4653071092123f1d833bbb7eddb2d3091771b44de97858879bec

  • SSDEEP

    49152:67N1ahC90V7N1ahC10V7N1ahCv0V7N1ahCR0V7N1ahCQ0V7N1ahCO0:67w7o7y7E7d7

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      4f39df1b1d7dce0952d06f6a93d9e773

    • Size

      4.2MB

    • MD5

      4f39df1b1d7dce0952d06f6a93d9e773

    • SHA1

      04a3209811a0af52344150c77762742100855ca3

    • SHA256

      b67cd05dbaa02055a83a2d1e169f1e05bb27bd915336c45f03c7fa9de642441f

    • SHA512

      dec8640187a679e7ae04dfab65a429667bdd9b62670c223e05e1dfd7e3aaad5fc5d0add443ea4653071092123f1d833bbb7eddb2d3091771b44de97858879bec

    • SSDEEP

      49152:67N1ahC90V7N1ahC10V7N1ahCv0V7N1ahCR0V7N1ahCQ0V7N1ahCO0:67w7o7y7E7d7

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks