General
-
Target
2e0f86b249f25927e15cdaafecf6ead0N.exe
-
Size
724KB
-
Sample
240820-bvpfda1apq
-
MD5
2e0f86b249f25927e15cdaafecf6ead0
-
SHA1
82dfb0cefd1cf8bd79e387d6868ae524f1110e7a
-
SHA256
cb5d22be413fa5e929a0f385f020004e4717188a6ba978503701e41014c5f3ba
-
SHA512
7114a6af92ee5c9c3eaef6578bc33613d6f0a3efde9608f55a1ce9a297e073d22b20095eb2be76b359a8f2c0c24e7f0ea1b26e6b0ffe82265774ccd64d27d9a4
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dmN0X+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdbE6o
Malware Config
Targets
-
-
Target
2e0f86b249f25927e15cdaafecf6ead0N.exe
-
Size
724KB
-
MD5
2e0f86b249f25927e15cdaafecf6ead0
-
SHA1
82dfb0cefd1cf8bd79e387d6868ae524f1110e7a
-
SHA256
cb5d22be413fa5e929a0f385f020004e4717188a6ba978503701e41014c5f3ba
-
SHA512
7114a6af92ee5c9c3eaef6578bc33613d6f0a3efde9608f55a1ce9a297e073d22b20095eb2be76b359a8f2c0c24e7f0ea1b26e6b0ffe82265774ccd64d27d9a4
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dmN0X+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdbE6o
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1