General
Target: a57c6fb6e3bf7b19a7b8a065b0fd8f04
Size: 3.4MB
Sample: 240226-flleksdh4s
MD5: a57c6fb6e3bf7b19a7b8a065b0fd8f04
SHA1: 52d3dfa0b06223996e3208880434438b779e1169
SHA256: 2cbfee188ee0ecb33f6674bdc4042e35f90ab9f4f9111696174ad6133cbd1d1a
SHA512: b9580bac8570638bd2586f2263c7faa8cd86faebd31cc278c9ad0eb44ce28618a67032e79834599df91789355b00e03be66e83541b7c5438056e6c26a40bbb11
SSDEEP: 49152:67N1ahCF0V7N1ahCl0V7N1ahC00V7N1ahCa0V7N1ahC6:6747Y7h7n76
Behavioral task: behavioral1
Sample: a57c6fb6e3bf7b19a7b8a065b0fd8f04.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: a57c6fb6e3bf7b19a7b8a065b0fd8f04.exe
Resource: win10v2004-20240221-en
Malware Config
Targets
Target: a57c6fb6e3bf7b19a7b8a065b0fd8f04
Score: 10/10
Sets file execution options in registry
Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Drops file in System32 directory