General
-
Target
718c2623e20cd2ab3896ed278bb87a1eb6a7ab0b8b7bd734984b622e6b91c969N
-
Size
724KB
-
Sample
241005-t5adbaxbmk
-
MD5
b2354b190bb312fdceaf765520b21eb0
-
SHA1
b56b4d8ac28212217c9ef4d526727228e8d0be5d
-
SHA256
718c2623e20cd2ab3896ed278bb87a1eb6a7ab0b8b7bd734984b622e6b91c969
-
SHA512
9a9c9c8f9e5a98df39fb32d975d5b9dd94e6d7420ef4ae625ba778ff8d6df64fc1f999d34523fd6a7d3b0bf0a81e67f9a1558bd58caab0060f1ebf1d78b38718
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dUNCX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd/E6o
Malware Config
Targets
-
-
Target
718c2623e20cd2ab3896ed278bb87a1eb6a7ab0b8b7bd734984b622e6b91c969N
-
Size
724KB
-
MD5
b2354b190bb312fdceaf765520b21eb0
-
SHA1
b56b4d8ac28212217c9ef4d526727228e8d0be5d
-
SHA256
718c2623e20cd2ab3896ed278bb87a1eb6a7ab0b8b7bd734984b622e6b91c969
-
SHA512
9a9c9c8f9e5a98df39fb32d975d5b9dd94e6d7420ef4ae625ba778ff8d6df64fc1f999d34523fd6a7d3b0bf0a81e67f9a1558bd58caab0060f1ebf1d78b38718
-
SSDEEP
12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dUNCX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd/E6o
Score10/10-
FakeAV, RogueAntivirus
FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
-
FakeAV payload
-
Event Triggered Execution: Image File Execution Options Injection
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Drops file in System32 directory
-
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Image File Execution Options Injection
1