General
-
Target
021ab26ce107408d44b31ccc082f7ffbf9231aefe0bb652e875db983c6aff7c5N
-
Size
724KB
-
Sample
240919-yspppaxfpf
-
MD5
025a381eef44ba5cce0e0b271d357fd0
-
SHA1
61dc303f848263a93a758ab4c6eb5d80fb8f91ee
-
SHA256
021ab26ce107408d44b31ccc082f7ffbf9231aefe0bb652e875db983c6aff7c5
-
SHA512
45724481781aeb952f73ce2182cd18eab54bc1aa0d290e40916b96dda2a2ac67cfddd72e7db33d0faf4aaf1ffb89a4c5a5fbd8b787d875385a5e124728e6a7c4
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0d2NCX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdhE6o
Malware Config
Targets
-
-
Target
021ab26ce107408d44b31ccc082f7ffbf9231aefe0bb652e875db983c6aff7c5N
-
Size
724KB
-
MD5
025a381eef44ba5cce0e0b271d357fd0
-
SHA1
61dc303f848263a93a758ab4c6eb5d80fb8f91ee
-
SHA256
021ab26ce107408d44b31ccc082f7ffbf9231aefe0bb652e875db983c6aff7c5
-
SHA512
45724481781aeb952f73ce2182cd18eab54bc1aa0d290e40916b96dda2a2ac67cfddd72e7db33d0faf4aaf1ffb89a4c5a5fbd8b787d875385a5e124728e6a7c4
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0d2NCX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdhE6o
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1