General
-
Target
9c31781eee6559d1cff80232ee2a8830N.exe
-
Size
724KB
-
Sample
240816-jthkfaxflk
-
MD5
9c31781eee6559d1cff80232ee2a8830
-
SHA1
a7f9cf061f916e7d85d8184c5e1c99200a891564
-
SHA256
7b779d4f834b1ba9296eb31935e29a5565f607b6c4d259e8b93d265034f858a5
-
SHA512
aa46cc21c1a4d9b6dd5b28f0cf46ca6c78b2f404a0509a4a050d0f6ed1f2aac18a3f80ea35cd9dedc87755ec8fa2275dd1640453b95c5d1aaae217f2cd421da5
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dnNgX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd6E6o
Malware Config
Targets
-
-
Target
9c31781eee6559d1cff80232ee2a8830N.exe
-
Size
724KB
-
MD5
9c31781eee6559d1cff80232ee2a8830
-
SHA1
a7f9cf061f916e7d85d8184c5e1c99200a891564
-
SHA256
7b779d4f834b1ba9296eb31935e29a5565f607b6c4d259e8b93d265034f858a5
-
SHA512
aa46cc21c1a4d9b6dd5b28f0cf46ca6c78b2f404a0509a4a050d0f6ed1f2aac18a3f80ea35cd9dedc87755ec8fa2275dd1640453b95c5d1aaae217f2cd421da5
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dnNgX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd6E6o
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1