General
-
Target
e7b05e88ce3dee4874c2c9233768cb925c51d3f0e65708a64d543d231446b1cd
-
Size
724KB
-
Sample
240922-bpmdtsvfjj
-
MD5
731f562f736a42fc6dacec628a6b40fd
-
SHA1
4ec7086962b96c2fbf19c882f06d42f5b61241ae
-
SHA256
e7b05e88ce3dee4874c2c9233768cb925c51d3f0e65708a64d543d231446b1cd
-
SHA512
736ceaff1a1fd889d7767128427775c297a2c3ff4bcacb07148039078843185a0ffb64b8e2427f613cf0456af7e5d5f44dd5c76279cf9ede3b342129299ad451
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dWNdX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd+E6o
Malware Config
Targets
-
-
Target
e7b05e88ce3dee4874c2c9233768cb925c51d3f0e65708a64d543d231446b1cd
-
Size
724KB
-
MD5
731f562f736a42fc6dacec628a6b40fd
-
SHA1
4ec7086962b96c2fbf19c882f06d42f5b61241ae
-
SHA256
e7b05e88ce3dee4874c2c9233768cb925c51d3f0e65708a64d543d231446b1cd
-
SHA512
736ceaff1a1fd889d7767128427775c297a2c3ff4bcacb07148039078843185a0ffb64b8e2427f613cf0456af7e5d5f44dd5c76279cf9ede3b342129299ad451
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dWNdX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd+E6o
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1