fakeav | 454efb877c6a28e5ad6949c6aae6337b43e401a37c2bc8a3ec94a27105379e6c | Triage

Submit
Reports

Overview

overview

Static

static

454efb877c...6c.exe

windows7_x64

454efb877c...6c.exe

windows10-2004_x64

Sharing

General

Target

454efb877c6a28e5ad6949c6aae6337b43e401a37c2bc8a3ec94a27105379e6c
Size

724KB
Sample

220309-bx8a9scab3
MD5

00c58f2c7a210f382d618af7fe595913
SHA1

0d3ec1f69bc92ef64a4e4d175f7c22d53249f0ad
SHA256

454efb877c6a28e5ad6949c6aae6337b43e401a37c2bc8a3ec94a27105379e6c
SHA512

49d48b3b8eec145b93f1f6d196e8db7003d728fccd70d5e0020982e31dc71c4dcb2a81e4db2cc0bf0bc3ad2d68ab7cea1cf36d5e0839df922325873bf4949960

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

Behavioral task

behavioral1

Sample

454efb877c6a28e5ad6949c6aae6337b43e401a37c2bc8a3ec94a27105379e6c.exe

Resource

win7-20220223-en

fakeav fakeav persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

454efb877c6a28e5ad6949c6aae6337b43e401a37c2bc8a3ec94a27105379e6c.exe

Resource

win10v2004-en-20220113

fakeav fakeav persistence spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  454efb877c6a28e5ad6949c6aae6337b43e401a37c2bc8a3ec94a27105379e6c
- Size
  
  724KB
- MD5
  
  00c58f2c7a210f382d618af7fe595913
- SHA1
  
  0d3ec1f69bc92ef64a4e4d175f7c22d53249f0ad
- SHA256
  
  454efb877c6a28e5ad6949c6aae6337b43e401a37c2bc8a3ec94a27105379e6c
- SHA512
  
  49d48b3b8eec145b93f1f6d196e8db7003d728fccd70d5e0020982e31dc71c4dcb2a81e4db2cc0bf0bc3ad2d68ab7cea1cf36d5e0839df922325873bf4949960
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2025

Terms | Privacy