General
-
Target
875622db22c4dc0cebff758fe84c29ce
-
Size
4.2MB
-
Sample
240201-tsszwsheh2
-
MD5
875622db22c4dc0cebff758fe84c29ce
-
SHA1
a3e45e25161422093a3b41996541f1e32d9690dd
-
SHA256
b92259b89d2d7ab5802cdd1f3832216e06520a241ef6b5e16bc93a39f1b5d6c6
-
SHA512
9ae95b0b5782472797de42ae83232ee9f6f718630d1e6e84a4f73cb97fd01b1b0473ba983c525179fb6da799a7d8307baa773a54f567dad8ebbbd1e65b4f05e2
-
SSDEEP
49152:67N1ahCt0V7N1ahCg0V7N1ahCT0V7N1ahCo0V7N1ahCG0V7N1ahCP0:67g7t7G717T7
Malware Config
Targets
-
-
Target
875622db22c4dc0cebff758fe84c29ce
-
Size
4.2MB
-
MD5
875622db22c4dc0cebff758fe84c29ce
-
SHA1
a3e45e25161422093a3b41996541f1e32d9690dd
-
SHA256
b92259b89d2d7ab5802cdd1f3832216e06520a241ef6b5e16bc93a39f1b5d6c6
-
SHA512
9ae95b0b5782472797de42ae83232ee9f6f718630d1e6e84a4f73cb97fd01b1b0473ba983c525179fb6da799a7d8307baa773a54f567dad8ebbbd1e65b4f05e2
-
SSDEEP
49152:67N1ahCt0V7N1ahCg0V7N1ahCT0V7N1ahCo0V7N1ahCG0V7N1ahCP0:67g7t7G717T7
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Sets file execution options in registry
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-