Overview

overview

10

Static

static

10

1bd1110b8c...5f.exe

windows7-x64

10

1bd1110b8c...5f.exe

windows10-2004-x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    1bd1110b8c50866fd926a254c3ccb7270d9f1a4527e32497f61d40fd92ef055f.exe

  • Size

    2.8MB

  • Sample

    241122-s1mbmszkck

  • MD5

    192e7497b135a1cdccb29cafb6d2a501

  • SHA1

    62959fc8c1b8d51b9c3a79e3b4e4317c2474063b

  • SHA256

    1bd1110b8c50866fd926a254c3ccb7270d9f1a4527e32497f61d40fd92ef055f

  • SHA512

    c61a138a2223fb4e28e0ea78e969480f9429258737e11703dd060e2d891b474deeaa98353395a6e8387190e1a43321492622b0ac8db243a6e5b5969c6c18e167

  • SSDEEP

    49152:67N1ahCT0V7N1ahCN0V7N1ahCY0V7N1ahCc0C:67G7A7l7e

Score
10/10
fakeavdiscoveryfakeavpersistencespyware

Malware Config

Targets

    • Target

      1bd1110b8c50866fd926a254c3ccb7270d9f1a4527e32497f61d40fd92ef055f.exe

    • Size

      2.8MB

    • MD5

      192e7497b135a1cdccb29cafb6d2a501

    • SHA1

      62959fc8c1b8d51b9c3a79e3b4e4317c2474063b

    • SHA256

      1bd1110b8c50866fd926a254c3ccb7270d9f1a4527e32497f61d40fd92ef055f

    • SHA512

      c61a138a2223fb4e28e0ea78e969480f9429258737e11703dd060e2d891b474deeaa98353395a6e8387190e1a43321492622b0ac8db243a6e5b5969c6c18e167

    • SSDEEP

      49152:67N1ahCT0V7N1ahCN0V7N1ahCY0V7N1ahCc0C:67G7A7l7e

    Score
    10/10
    fakeavdiscoveryfakeavpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • Fakeav family

      fakeav

    • FakeAV payload

      fakeavspyware

    • Event Triggered Execution: Image File Execution Options Injection

      persistence

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v15

Tasks