General

  • Target

    a57c6fb6e3bf7b19a7b8a065b0fd8f04

  • Size

    3.4MB

  • Sample

    240226-flleksdh4s

  • MD5

    a57c6fb6e3bf7b19a7b8a065b0fd8f04

  • SHA1

    52d3dfa0b06223996e3208880434438b779e1169

  • SHA256

    2cbfee188ee0ecb33f6674bdc4042e35f90ab9f4f9111696174ad6133cbd1d1a

  • SHA512

    b9580bac8570638bd2586f2263c7faa8cd86faebd31cc278c9ad0eb44ce28618a67032e79834599df91789355b00e03be66e83541b7c5438056e6c26a40bbb11

  • SSDEEP

    49152:67N1ahCF0V7N1ahCl0V7N1ahC00V7N1ahCa0V7N1ahC6:6747Y7h7n76

Malware Config

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • FakeAV payload

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

Persistence

  • T1547 Boot or Logon Autostart Execution (2)

  • T1547.001 Registry Run Keys / Startup Folder (2)

Privilege Escalation

  • T1547 Boot or Logon Autostart Execution (2)

  • T1547.001 Registry Run Keys / Startup Folder (2)

Defense Evasion

  • T1112 Modify Registry (2)

Discovery

  • T1012 Query Registry (1)

  • T1082 System Information Discovery (2)

Tasks