fakeav | f410fdede2b8fd16de3f5fe46073d768e179f1f57e6fbef7bbad576cd698d0c5 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

5e9a36c33a...e2.exe

windows7-x64

5e9a36c33a...e2.exe

windows10-2004-x64

Sharing

General

Target

5e9a36c33ab7a7df2929f0f2d9f271e2
Size

8.5MB
Sample

231219-t25p2shbg9
MD5

5e9a36c33ab7a7df2929f0f2d9f271e2
SHA1

de270069bbfbfea2222f54f6f5f8c0917add8839
SHA256

f410fdede2b8fd16de3f5fe46073d768e179f1f57e6fbef7bbad576cd698d0c5
SHA512

e02436664a04486b0a819fe8c019b0d9638ec58c81ceb823ac78a84b252e1b50552b6cfa03f0a0f0c8825a45e5ecb2e5782e1dbe64fd2222ea4150415dc7e826
SSDEEP

49152:67N1ahCQ0V7N1ahCm0V7N1ahC70V7N1ahCy0V7N1ahCl0V7N1ahCL0V7N1ahCp0I:67d7z7u7f7Y7+7c7y7B7v7+7

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

5e9a36c33ab7a7df2929f0f2d9f271e2.exe

Resource

win7-20231215-en

fakeav fakeav persistence spyware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

5e9a36c33ab7a7df2929f0f2d9f271e2.exe

Resource

win10v2004-20231215-en

fakeav fakeav persistence spyware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  5e9a36c33ab7a7df2929f0f2d9f271e2
- Size
  
  8.5MB
- MD5
  
  5e9a36c33ab7a7df2929f0f2d9f271e2
- SHA1
  
  de270069bbfbfea2222f54f6f5f8c0917add8839
- SHA256
  
  f410fdede2b8fd16de3f5fe46073d768e179f1f57e6fbef7bbad576cd698d0c5
- SHA512
  
  e02436664a04486b0a819fe8c019b0d9638ec58c81ceb823ac78a84b252e1b50552b6cfa03f0a0f0c8825a45e5ecb2e5782e1dbe64fd2222ea4150415dc7e826
- SSDEEP
  
  49152:67N1ahCQ0V7N1ahCm0V7N1ahC70V7N1ahCy0V7N1ahCl0V7N1ahCL0V7N1ahCp0I:67d7z7u7f7Y7+7c7y7B7v7+7
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2025

Terms | Privacy