fakeav | fa26c0369d7e663f6f8cc322999531818abbf3de5bcaf2dbc30851a5463923d9 | Triage

Submit
Reports

Overview

overview

Static

static

9643a7d366...2d.exe

windows7-x64

9643a7d366...2d.exe

windows10-2004-x64

Sharing

General

Target

9643a7d366552a33c9d82d6af8b2522d
Size

2.8MB
Sample

240212-e8sxhaad51
MD5

9643a7d366552a33c9d82d6af8b2522d
SHA1

188b6f2f40971d6b65246141d60e0aa33d6806b3
SHA256

fa26c0369d7e663f6f8cc322999531818abbf3de5bcaf2dbc30851a5463923d9
SHA512

e4b64ef5211f9824b31a0fbd22f186cf9773e8135924cbda0cd98de820c79cf54bdae6ec03c3ec71679e8379c4f3ff94f6bab7a8128143b1bf4fce8934579a16
SSDEEP

49152:67N1ahCc0V7N1ahCLh0V7N1ahCE0V7N1ahCo0:67J7I7x7

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

9643a7d366552a33c9d82d6af8b2522d.exe

Resource

win7-20231215-en

fakeav fakeav persistence spyware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

9643a7d366552a33c9d82d6af8b2522d.exe

Resource

win10v2004-20231222-en

fakeav fakeav persistence spyware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  9643a7d366552a33c9d82d6af8b2522d
- Size
  
  2.8MB
- MD5
  
  9643a7d366552a33c9d82d6af8b2522d
- SHA1
  
  188b6f2f40971d6b65246141d60e0aa33d6806b3
- SHA256
  
  fa26c0369d7e663f6f8cc322999531818abbf3de5bcaf2dbc30851a5463923d9
- SHA512
  
  e4b64ef5211f9824b31a0fbd22f186cf9773e8135924cbda0cd98de820c79cf54bdae6ec03c3ec71679e8379c4f3ff94f6bab7a8128143b1bf4fce8934579a16
- SSDEEP
  
  49152:67N1ahCc0V7N1ahCLh0V7N1ahCE0V7N1ahCo0:67J7I7x7
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2025

Terms | Privacy