General

  • Target

    60bf9191889f99f13137e2cb0b9a7110

  • Size

    724KB

  • Sample

    240116-yrw3dahgdq

  • MD5

    60bf9191889f99f13137e2cb0b9a7110

  • SHA1

    4205d92030658e7c8d3bb8ee14c6a2928ec8c7b3

  • SHA256

    8bec7084801266424fa7375aed6dad06178c9a59f7b48b57a0bc86ddefb91ffa

  • SHA512

    e5b89c4cb6306925c9a848c5aa3846ef8250dbabbdf48ee2a4575a8d648b62c0fcb4901cf82a9ce32ffe68a8a056d6e5ded09f8af73f6fbe534e83782f9ba449

  • SSDEEP

    12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dqNFX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdyE6o

Malware Config

Targets

    • Target

      60bf9191889f99f13137e2cb0b9a7110

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus) is a class of malware that displays fake infection warnings to pressure the victim into paying for a bogus security product.

    • FakeAV payload

    • Sets file execution options in registry

      Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value there makes Windows launch the named program through another binary, a technique commonly used to hijack or block security tools.

    • Checks computer location settings

      Reads the country code configured in the registry, most likely to geofence execution to or away from particular regions.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
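
The registry and file-system behaviours listed above are the artefacts a responder would check on a suspect host. The PowerShell script below is an added example for this page, not part of the sandbox report or its tooling. It is read-only and assumes an elevated session, a seven-day lookback window for "recently dropped" files, and the standard Run and Image File Execution Options key paths; it also hunts for the sample itself using the SHA256 given in the report.

```powershell
# Added host triage script; not part of the sandbox report above.
# Checks a live Windows host for the artefacts the report lists (IFEO entries,
# Run keys, recent System32 drops) and looks for the sample by SHA256.
# Read-only. Run elevated so the HKLM and System32 reads succeed.

$SampleSha256 = '8bec7084801266424fa7375aed6dad06178c9a59f7b48b57a0bc86ddefb91ffa'
$Lookback     = (Get-Date).AddDays(-7)   # assumed window for "recently written"
$findings     = [System.Collections.Generic.List[object]]::new()

function Add-Finding([string]$Type, [string]$Where, [string]$Detail) {
    $findings.Add([pscustomobject]@{ Type = $Type; Where = $Where; Detail = $Detail })
}

# 1. Image File Execution Options. A Debugger value makes Windows start the
#    named executable through the listed binary, so a rogue entry can hijack
#    or silently block a security tool. Legitimate entries are rare; review each.
$ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue
    if ($dbg -and $dbg.Debugger) {
        Add-Finding 'IFEO Debugger' $_.PSChildName $dbg.Debugger
    }
}

# 2. Run keys (T1547.001). A command living outside Program Files or the
#    Windows directory is the usual sign of a dropped payload.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
foreach ($key in $runKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip PowerShell's own note properties
        $cmd     = [string]$p.Value
        $trusted = $cmd -match '(?i)\\(Program Files( \(x86\))?|Windows)\\'
        $type    = if ($trusted) { 'Run key' } else { 'Run key (untrusted path)' }
        Add-Finding $type "$key\$($p.Name)" $cmd
    }
}

# 3. Executables recently written to System32 without a valid Authenticode
#    signature (catalog-signed OS files report Valid), plus a direct hash
#    match against the sample.
Get-ChildItem -Path "$env:SystemRoot\System32" -File -ErrorAction SilentlyContinue |
    Where-Object { ($_.LastWriteTime -gt $Lookback) -and ($_.Extension -in @('.exe', '.dll')) } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        if ($sig.Status -ne 'Valid') {
            Add-Finding 'Unsigned System32 file' $_.FullName "written $($_.LastWriteTime), signature $($sig.Status)"
        }
        $hash = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
        if ($hash -eq $SampleSha256) {
            Add-Finding 'Sample SHA256 match' $_.FullName $hash
        }
    }

# 4. Locale values the sample would read for its geofence decision, recorded
#    so the analyst can tell whether this host sits inside or outside the fence.
$intl = Get-ItemProperty -Path 'HKCU:\Control Panel\International' -ErrorAction SilentlyContinue
if ($intl) {
    Add-Finding 'Locale' 'HKCU:\Control Panel\International' "LocaleName=$($intl.LocaleName) sCountry=$($intl.sCountry)"
}

$findings | Sort-Object Type | Format-Table -AutoSize -Wrap
```

Every Run key entry is listed, not just the untrusted ones, because FakeAV droppers sometimes copy themselves into a Windows subdirectory before registering; the "untrusted path" tag is a prioritisation hint, not a verdict. Extend the hash comparison to the user's profile and temp directories if the sample was not found in System32.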

MITRE ATT&CK Matrix (ATT&CK v13)

Tactic, technique and sub-technique, with the number of matched behaviours in parentheses:

Persistence

  • Boot or Logon Autostart Execution, T1547 (2)
    • Registry Run Keys / Startup Folder, T1547.001 (2)

Privilege Escalation

  • Boot or Logon Autostart Execution, T1547 (2)
    • Registry Run Keys / Startup Folder, T1547.001 (2)

Defense Evasion

  • Modify Registry, T1112 (2)

Discovery

  • Query Registry, T1012 (1)
  • System Information Discovery, T1082 (2)

Tasks