General

  • Target

    938d9243c724698e175aae61ecd6e9588bbb9be701a06b1d06b516fc77054e73

  • Size

    724KB

  • Sample

    240307-2chg8agf7w

  • MD5

    3651c2a390ed2c50005aaba1b1b3652e

  • SHA1

    acd9d56774b11ab0f14fd84b9a446751e0714c5b

  • SHA256

    938d9243c724698e175aae61ecd6e9588bbb9be701a06b1d06b516fc77054e73

  • SHA512

    08adffb5d0d3c0f7ae74c99909fa8502f0e753b9b0be3776c24ef86f5edba878f614351a8d3e0c55d55f8058f6f72e393a31973cbb96a2689a9f6965e1ae1864

  • SSDEEP

    12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dLNYX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdGE6o

Malware Config

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • FakeAV payload

    • Sets file execution options in registry

    • Checks computer location settings

      Looks up the country code configured in the registry, likely as a geofence check.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Matrix (ATT&CK v13)

  • Persistence

    Boot or Logon Autostart Execution: T1547 (2)
    Registry Run Keys / Startup Folder: T1547.001 (2)

  • Privilege Escalation

    Boot or Logon Autostart Execution: T1547 (2)
    Registry Run Keys / Startup Folder: T1547.001 (2)

  • Defense Evasion

    Modify Registry: T1112 (2)

  • Discovery

    Query Registry: T1012 (1)
    System Information Discovery: T1082 (2)

Tasks