General
-
Target
f8779d1b5986425ded188060824b03c1904f08b6650b1e6e3159fb17acdcb321N
-
Size
724KB
-
Sample
240923-pajahswcql
-
MD5
2c4d0638711b5ac354993af592d5ce90
-
SHA1
6012c7f16f113ac7bb4a312528cbff41bfd07c4d
-
SHA256
f8779d1b5986425ded188060824b03c1904f08b6650b1e6e3159fb17acdcb321
-
SHA512
1a1a08b89c04146ab5e338486cddd09bd9c54fbe09058bfd33db7a6c99589aad099668bcc985425e0b5610d7b329f3f4e8b54a395329867d568b747436bb5c58
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0daNfX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd0E6o
Malware Config
Targets
-
-
Target
f8779d1b5986425ded188060824b03c1904f08b6650b1e6e3159fb17acdcb321N
-
Size
724KB
-
MD5
2c4d0638711b5ac354993af592d5ce90
-
SHA1
6012c7f16f113ac7bb4a312528cbff41bfd07c4d
-
SHA256
f8779d1b5986425ded188060824b03c1904f08b6650b1e6e3159fb17acdcb321
-
SHA512
1a1a08b89c04146ab5e338486cddd09bd9c54fbe09058bfd33db7a6c99589aad099668bcc985425e0b5610d7b329f3f4e8b54a395329867d568b747436bb5c58
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0daNfX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd0E6o
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1