fakeav | b3e06d462c041f52ec35f5c9ea1982f18a134d8b510efb600e81b8edfae7ff42 | Triage

Submit
Reports

Overview

overview

Static

static

90f04f6621...3d.exe

windows7-x64

90f04f6621...3d.exe

windows10-2004-x64

Sharing

General

Target

90f04f6621448abf9462295cedd9723d
Size

724KB
Sample

231219-y14tksedd2
MD5

90f04f6621448abf9462295cedd9723d
SHA1

6d94cdfcdf40367200a0c3702b8cdecd983fab59
SHA256

b3e06d462c041f52ec35f5c9ea1982f18a134d8b510efb600e81b8edfae7ff42
SHA512

667fce0fa25def57d4eabb93369e9cefedc558b53bb46b1a66bd7c70756351424c30eea4844e9b5712b2731853966f4b58d45680c79f14dd83d6ff9b11ffa18c
SSDEEP

12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dKNWX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdxE6o

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

90f04f6621448abf9462295cedd9723d.exe

Resource

win7-20231129-en

fakeav fakeav persistence spyware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

90f04f6621448abf9462295cedd9723d.exe

Resource

win10v2004-20231215-en

fakeav fakeav persistence spyware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  90f04f6621448abf9462295cedd9723d
- Size
  
  724KB
- MD5
  
  90f04f6621448abf9462295cedd9723d
- SHA1
  
  6d94cdfcdf40367200a0c3702b8cdecd983fab59
- SHA256
  
  b3e06d462c041f52ec35f5c9ea1982f18a134d8b510efb600e81b8edfae7ff42
- SHA512
  
  667fce0fa25def57d4eabb93369e9cefedc558b53bb46b1a66bd7c70756351424c30eea4844e9b5712b2731853966f4b58d45680c79f14dd83d6ff9b11ffa18c
- SSDEEP
  
  12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dKNWX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdxE6o
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2025

Terms | Privacy