General
-
Target
e78131f3e5193fdb3f7af5329f54991a.zip
-
Size
561KB
-
Sample
240831-h73xvssbjn
-
MD5
c1afb0d39d075e04420817c2ed3109f5
-
SHA1
5b347dd319a94a1154d00679791a3e11619bcdc4
-
SHA256
24734326dae84e26991151c650f92b76bbe4a6b13d7b714d2bd98dc3e1dfc62a
-
SHA512
a224d36fccb55e4ef8ccb9d9c6f888a8dd99b43405a6c5a9aa1f51cd8a547c999cbef0ccb9aad98e2e69be26aaacc0a714137d4b87d63e614ac15e925bb34969
-
SSDEEP
12288:ZXfcGJaZq+LXqqBugbSMffPEuz5e266m2VdLH7rDT2zEAx:dnaZq+7Nkg3fdzA2u2/LbizT
Behavioral task
behavioral1
Sample
a896cb2bb2ab0e0257df2d6863366abdee0147b6163762580820416a31d675b5.exe
Resource
win7-20240704-en
Behavioral task
behavioral2
Sample
a896cb2bb2ab0e0257df2d6863366abdee0147b6163762580820416a31d675b5.exe
Resource
win10v2004-20240802-en
Malware Config
Targets
-
-
Target
a896cb2bb2ab0e0257df2d6863366abdee0147b6163762580820416a31d675b5
-
Size
1024KB
-
MD5
e78131f3e5193fdb3f7af5329f54991a
-
SHA1
6dfb9cdc168c8bda25c5ef581fed44d494f51fcb
-
SHA256
a896cb2bb2ab0e0257df2d6863366abdee0147b6163762580820416a31d675b5
-
SHA512
3e45e7007b37774525194293e3b1c9cda9df2fc30883819611deea2d41d0cb5e093699b2c0a05fb7990e9e492c6ff2ba3a087cfa724167ff35d29bfabf5d24be
-
SSDEEP
24576:n67MnVnpA1lmTx8MmA07AaSuDSwdIE6EhDK67MnVnpA1lmTx8w:67N1ahCQ0V7N1S
Score
10/10
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)
Privilege Escalation
Boot or Logon Autostart Execution (1)
Registry Run Keys / Startup Folder (1)
Event Triggered Execution (1)
Image File Execution Options Injection (1)