fakeav | 518bdbe35e8667760626958cca681e8e83ebf9ca800223df2f9670cec8813e1d | Triage

Submit
Reports

Overview

overview

Static

static

518bdbe35e...1d.exe

windows7-x64

518bdbe35e...1d.exe

windows10-2004-x64

Sharing

General

Target

518bdbe35e8667760626958cca681e8e83ebf9ca800223df2f9670cec8813e1d
Size

724KB
Sample

240416-1vx5ysfc2x
MD5

7d3ff34809a26ac48ab086499b4030f7
SHA1

02f67eaff1b74cea164760c71f3393555ddfce8d
SHA256

518bdbe35e8667760626958cca681e8e83ebf9ca800223df2f9670cec8813e1d
SHA512

5b8e2ede2e65728155ad997db12e018813563154ccfd2313744c5d57506a4f8261ef5a8dcf6c3ba7044c9c14cffbcd9dacd6c61a11248fb94988283349f22953
SSDEEP

12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dkNyX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd7E6o

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

518bdbe35e8667760626958cca681e8e83ebf9ca800223df2f9670cec8813e1d.exe

Resource

win7-20231129-en

fakeav fakeav persistence spyware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

518bdbe35e8667760626958cca681e8e83ebf9ca800223df2f9670cec8813e1d.exe

Resource

win10v2004-20240226-en

fakeav fakeav persistence spyware

windows10-2004-x64

11 signatures

150 seconds

Malware Config

Targets

- Target
  
  518bdbe35e8667760626958cca681e8e83ebf9ca800223df2f9670cec8813e1d
- Size
  
  724KB
- MD5
  
  7d3ff34809a26ac48ab086499b4030f7
- SHA1
  
  02f67eaff1b74cea164760c71f3393555ddfce8d
- SHA256
  
  518bdbe35e8667760626958cca681e8e83ebf9ca800223df2f9670cec8813e1d
- SHA512
  
  5b8e2ede2e65728155ad997db12e018813563154ccfd2313744c5d57506a4f8261ef5a8dcf6c3ba7044c9c14cffbcd9dacd6c61a11248fb94988283349f22953
- SSDEEP
  
  12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dkNyX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd7E6o
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2024

Terms | Privacy