Overview

overview

10

Static

static

10

91f6fc2abd...e6.exe

windows7-x64

1

91f6fc2abd...e6.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    91f6fc2abd38301bc94798d6dd611de6

  • Size

    7.1MB

  • Sample

    240205-pdkmrafda9

  • MD5

    91f6fc2abd38301bc94798d6dd611de6

  • SHA1

    f01f25f938274e786716b0d7fa362b50c1b1d71a

  • SHA256

    3203da2f35d0686ab42b2f4e8a90bcb68655939b0eced99689dc01c6caa2f323

  • SHA512

    4938aed103449a86187b4234943dd4d19d18c54a089fcc856c08bb00b795ec47b0b4410ca7e3761f5afd960f0ad8922c439bdc56181a2b11b9db8c7333b124c4

  • SSDEEP

    49152:67N1ahCs0V7N1ahCH0V7N1ahCB0V7N1ahCL0V7N1ahCb0V7N1ahCb0V7N1ahCS0D:67Z7K707+7O7O7/787d7

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      91f6fc2abd38301bc94798d6dd611de6

    • Size

      7.1MB

    • MD5

      91f6fc2abd38301bc94798d6dd611de6

    • SHA1

      f01f25f938274e786716b0d7fa362b50c1b1d71a

    • SHA256

      3203da2f35d0686ab42b2f4e8a90bcb68655939b0eced99689dc01c6caa2f323

    • SHA512

      4938aed103449a86187b4234943dd4d19d18c54a089fcc856c08bb00b795ec47b0b4410ca7e3761f5afd960f0ad8922c439bdc56181a2b11b9db8c7333b124c4

    • SSDEEP

      49152:67N1ahCs0V7N1ahCH0V7N1ahCB0V7N1ahCL0V7N1ahCb0V7N1ahCb0V7N1ahCS0D:67Z7K707+7O7O7/787d7

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks