fakeav | 4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2 | Triage

Submit
Reports

Overview

overview

Static

static

4db97cd6aa...e2.exe

windows7_x64

4db97cd6aa...e2.exe

windows10-2004_x64

Sharing

General

Target

4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
Size

724KB
Sample

220703-vbe75shbdn
MD5

3b56cc7c5801f442f7542e7c57382adc
SHA1

9d669a1c0f33bdba79e21ac520df1168e10e9eda
SHA256

4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
SHA512

388bdde4ed675e55181603a47ee161e20cd33b9e507f101cf0a0d19a6a8f8f1d9d61e221e650fe748af483e465ebfcae4534282428be074e68e5d2bc90d3890c

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

Behavioral task

behavioral1

Sample

4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2.exe

Resource

win7-20220414-en

fakeav fakeav persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2.exe

Resource

win10v2004-20220414-en

fakeav fakeav persistence spyware

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
- Size
  
  724KB
- MD5
  
  3b56cc7c5801f442f7542e7c57382adc
- SHA1
  
  9d669a1c0f33bdba79e21ac520df1168e10e9eda
- SHA256
  
  4db97cd6aae9c71a0fb097f48307c1dce2a91fc7e9f1294b50ae566c1c810fe2
- SHA512
  
  388bdde4ed675e55181603a47ee161e20cd33b9e507f101cf0a0d19a6a8f8f1d9d61e221e650fe748af483e465ebfcae4534282428be074e68e5d2bc90d3890c
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2025

Terms | Privacy