fakeav | b0131586915d3fcdc871af8ae4cda2bf474a247f6d89582abe3dfc9237b1cba4 | Triage

Submit
Reports

Overview

overview

Static

static

69cc52208b...a7.exe

windows7-x64

69cc52208b...a7.exe

windows10-2004-x64

Sharing

General

Target

69cc52208b7ee6dd79cd0d9bf380c8a7
Size

2.8MB
Sample

240120-hw73faebh3
MD5

69cc52208b7ee6dd79cd0d9bf380c8a7
SHA1

4bc340f26b7fc829489bea3b10959bf590b3677d
SHA256

b0131586915d3fcdc871af8ae4cda2bf474a247f6d89582abe3dfc9237b1cba4
SHA512

e1c96ed559bc63e6a2746f2f93c23e8d1f41159c71ccc09cc520ebcc7ded5dc73ec11bd5cd8316d3d695fa5d81332cd3fb56fae6b818faa2d5173b5b44196247
SSDEEP

49152:67N1ahCh0V7N1ahCi0V7N1ahCL0V7N1ahChs:67U7P7+7S

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

69cc52208b7ee6dd79cd0d9bf380c8a7.exe

Resource

win7-20231215-en

fakeav fakeav persistence spyware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

69cc52208b7ee6dd79cd0d9bf380c8a7.exe

Resource

win10v2004-20231222-en

fakeav fakeav persistence spyware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  69cc52208b7ee6dd79cd0d9bf380c8a7
- Size
  
  2.8MB
- MD5
  
  69cc52208b7ee6dd79cd0d9bf380c8a7
- SHA1
  
  4bc340f26b7fc829489bea3b10959bf590b3677d
- SHA256
  
  b0131586915d3fcdc871af8ae4cda2bf474a247f6d89582abe3dfc9237b1cba4
- SHA512
  
  e1c96ed559bc63e6a2746f2f93c23e8d1f41159c71ccc09cc520ebcc7ded5dc73ec11bd5cd8316d3d695fa5d81332cd3fb56fae6b818faa2d5173b5b44196247
- SSDEEP
  
  49152:67N1ahCh0V7N1ahCi0V7N1ahCL0V7N1ahChs:67U7P7+7S
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2024

Terms | Privacy