General

  • Target

    875622db22c4dc0cebff758fe84c29ce

  • Size

    4.2MB

  • Sample

    240201-tsszwsheh2

  • MD5

    875622db22c4dc0cebff758fe84c29ce

  • SHA1

    a3e45e25161422093a3b41996541f1e32d9690dd

  • SHA256

    b92259b89d2d7ab5802cdd1f3832216e06520a241ef6b5e16bc93a39f1b5d6c6

  • SHA512

    9ae95b0b5782472797de42ae83232ee9f6f718630d1e6e84a4f73cb97fd01b1b0473ba983c525179fb6da799a7d8307baa773a54f567dad8ebbbd1e65b4f05e2

  • SSDEEP

    49152:67N1ahCt0V7N1ahCg0V7N1ahCT0V7N1ahCo0V7N1ahCG0V7N1ahCP0:67g7t7G717T7

Malware Config

Targets

    • Target

      875622db22c4dc0cebff758fe84c29ce

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus) is a class of malware that displays fake infection alerts to frighten the user into paying for a bogus security product.

    • FakeAV payload

    • Sets file execution options in registry

      Writes under the Image File Execution Options (IFEO) key. A Debugger value there makes Windows launch the listed program in place of the named executable, a technique FakeAV families use to stop security tools from starting.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
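The signatures above are behaviour matches over the sample's registry and file activity. The script below is an added example, not part of this report or of the sandbox, showing how the three registry-based signatures (Run key persistence, IFEO writes, the country-code lookup) can be recovered from a trace of registry API calls and tallied against the ATT&CK IDs the report's matrix uses. The events, process name and file paths in SAMPLE_EVENTS are constructed for the example, not taken from this sample's trace; the key patterns are the standard Windows locations for each behaviour.

```python
"""Classify registry API calls into the behaviours this report lists.

Added example: the records below are constructed, not the sample's real trace.
Each event mirrors what a sandbox API log or Sysmon Event ID 13 would record.
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class RegEvent:
    process: str
    op: str          # "set" (value written) or "query" (value read)
    key: str
    value_name: str
    data: str = ""


@dataclass(frozen=True)
class Finding:
    behaviour: str
    attack_ids: tuple   # IDs as listed in the report's ATT&CK matrix
    process: str
    detail: str


# Hive spellings vary between logs; fold them so HKU\<SID>\... compares as HKCU\...
_HIVE_ALIASES = (
    (re.compile(r"^HKEY_LOCAL_MACHINE\\", re.I), r"HKLM\\"),
    (re.compile(r"^HKEY_CURRENT_USER\\", re.I), r"HKCU\\"),
    (re.compile(r"^(HKEY_USERS|HKU)\\S-1-5-21-[0-9-]+\\", re.I), r"HKCU\\"),
)
_RUN_KEY = re.compile(
    r"^(HKLM|HKCU)\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows\\CurrentVersion\\Run(Once)?$", re.I)
_IFEO_KEY = re.compile(
    r"^HKLM\\SOFTWARE\\(WOW6432Node\\)?Microsoft\\Windows NT\\CurrentVersion\\"
    r"Image File Execution Options\\(?P<exe>[^\\]+)$", re.I)
_GEO_KEY = re.compile(r"^HKCU\\Control Panel\\International\\Geo$", re.I)


def normalise_key(key: str) -> str:
    for pattern, replacement in _HIVE_ALIASES:
        key = pattern.sub(replacement, key, count=1)
    return key.rstrip("\\")


def image_path(command: str) -> str:
    """First token of a command line: a quoted path or the text up to the first space."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(None, 1)[0] if command else ""


def classify(events, dropped_files=()):
    """Return one Finding per event that matches a behaviour; other writes are ignored."""
    dropped = {p.lower() for p in dropped_files}
    findings = []
    for ev in events:
        key = normalise_key(ev.key)
        if ev.op == "set" and _RUN_KEY.match(key):
            detail = f"{key}\\{ev.value_name} = {ev.data}"
            if image_path(ev.data).lower() in dropped:
                detail += " (points at a dropped file)"
            findings.append(Finding("Adds Run key to start application", ("T1547.001",), ev.process, detail))
        elif ev.op == "set" and (m := _IFEO_KEY.match(key)):
            detail = f"{m.group('exe')}: {ev.value_name} = {ev.data}"
            if ev.value_name.lower() == "debugger":
                detail += " (launch of the named program is redirected to this path)"
            findings.append(Finding("Sets file execution options in registry", ("T1112",), ev.process, detail))
        elif ev.op == "query" and _GEO_KEY.match(key):
            findings.append(Finding("Checks computer location settings", ("T1012", "T1082"),
                                    ev.process, f"read {ev.value_name} (GeoID {ev.data})"))
    return findings


def attack_counts(findings):
    """Hits per ATT&CK ID, the same shape as the report's matrix counts."""
    counts = {}
    for f in findings:
        for tid in f.attack_ids:
            counts[tid] = counts.get(tid, 0) + 1
    return counts


# Constructed events; "dropped.exe" is a placeholder name, not a file from this sample.
SAMPLE_DROPPED = [r"C:\Windows\System32\dropped.exe"]
SAMPLE_EVENTS = [
    RegEvent("dropped.exe", "set", r"HKEY_USERS\S-1-5-21-1111111111-2222222222-3333333333-1001"
             r"\Software\Microsoft\Windows\CurrentVersion\Run", "Security Update",
             r"C:\Windows\System32\dropped.exe"),
    RegEvent("dropped.exe", "set", r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
             r"\Image File Execution Options\taskmgr.exe", "Debugger", r"C:\Windows\System32\dropped.exe"),
    RegEvent("dropped.exe", "query", r"HKCU\Control Panel\International\Geo", "Nation", "244"),
    RegEvent("dropped.exe", "set", r"HKCU\Software\ExampleVendor\Settings", "Installed", "1"),
    RegEvent("dropped.exe", "set", r"HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\RunOnce",
             "upd", r'"C:\Users\Public\upd.exe" /silent'),
]


def run_sample():
    return classify(SAMPLE_EVENTS, SAMPLE_DROPPED)


if __name__ == "__main__":
    for f in run_sample():
        print(f"{'/'.join(f.attack_ids):16} {f.behaviour}: {f.detail}")
    print(attack_counts(run_sample()))
```

The unrelated vendor key write is deliberately not reported: T1112 covers any registry modification, and flagging every write would bury the IFEO hit. Cross-referencing Run-key and Debugger targets against the dropped-file list is what turns "Adds Run key" plus "Drops file in System32 directory" into a single persistence story.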

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic                Technique                            ID         Count
  --------------------  -----------------------------------  ---------  -----
  Persistence           Boot or Logon Autostart Execution    T1547      2
  Persistence           Registry Run Keys / Startup Folder   T1547.001  2
  Privilege Escalation  Boot or Logon Autostart Execution    T1547      2
  Privilege Escalation  Registry Run Keys / Startup Folder   T1547.001  2
  Defense Evasion       Modify Registry                      T1112      2
  Discovery             Query Registry                       T1012      1
  Discovery             System Information Discovery         T1082      2

Tasks