Overview

overview

10

Static

static

10

e1e1b084f9...18.exe

windows7-x64

10

e1e1b084f9...18.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    e1e1b084f9f092bd7b8d80646998ef18

  • Size

    3.5MB

  • Sample

    240327-rqr9gahb3v

  • MD5

    e1e1b084f9f092bd7b8d80646998ef18

  • SHA1

    46a8ea1b10f903d99ea35d108e0c0e77b1bca6e0

  • SHA256

    9a0e4f289d67a2ec2529052483de3113b27e57ab2abfad67c22393d1be93fe28

  • SHA512

    0fd29a315abe28ebd926492580b99d4d157f76d8d60bd344858eabcd1d108a8344716dbe3db8bbbc370ef96aeba694b5a2279507362a319f14a0bda6ec28178c

  • SSDEEP

    49152:67N1ahCs0V7N1ahCm0V7N1ahCs0V7N1ahCy0V7N1ahCm0:67Z7z7Z7f7

Score
10/10
fakeavfakeavpersistencespyware

Malware Config

Targets

    • Target

      e1e1b084f9f092bd7b8d80646998ef18

    • Size

      3.5MB

    • MD5

      e1e1b084f9f092bd7b8d80646998ef18

    • SHA1

      46a8ea1b10f903d99ea35d108e0c0e77b1bca6e0

    • SHA256

      9a0e4f289d67a2ec2529052483de3113b27e57ab2abfad67c22393d1be93fe28

    • SHA512

      0fd29a315abe28ebd926492580b99d4d157f76d8d60bd344858eabcd1d108a8344716dbe3db8bbbc370ef96aeba694b5a2279507362a319f14a0bda6ec28178c

    • SSDEEP

      49152:67N1ahCs0V7N1ahCm0V7N1ahCs0V7N1ahCy0V7N1ahCm0:67Z7z7Z7f7

    Score
    10/10
    fakeavfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • FakeAV payload

      fakeavspyware

    • Sets file execution options in registry

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks