fakeav | 6c4311d3fb40809b820a398f72d5004412a5fcedb5f027ab40df76954ddc6491 | Triage

Submit
Reports

Overview

overview

Static

static

6c4311d3fb...91.exe

windows7-x64

6c4311d3fb...91.exe

windows10-2004-x64

Sharing

General

Target

6c4311d3fb40809b820a398f72d5004412a5fcedb5f027ab40df76954ddc6491
Size

724KB
Sample

240515-26lrqsgh8t
MD5

657094c52e5453a9b2a13044be688464
SHA1

accca684a8508a6303ad7ea875654fe3fb3127f3
SHA256

6c4311d3fb40809b820a398f72d5004412a5fcedb5f027ab40df76954ddc6491
SHA512

86cd453b66b68773cf10458d1aceec50f4c981b46219b2963bef8b903d55eefa8b6ea93f468cbf650c707449e98fbf190aa15d1a99815051ce68c2f16b04b244
SSDEEP

12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dNNyX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdWE6o

Score

10^/10

fakeav fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

6c4311d3fb40809b820a398f72d5004412a5fcedb5f027ab40df76954ddc6491.exe

Resource

win7-20240508-en

fakeav fakeav persistence spyware

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

6c4311d3fb40809b820a398f72d5004412a5fcedb5f027ab40df76954ddc6491.exe

Resource

win10v2004-20240426-en

fakeav fakeav persistence spyware

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  6c4311d3fb40809b820a398f72d5004412a5fcedb5f027ab40df76954ddc6491
- Size
  
  724KB
- MD5
  
  657094c52e5453a9b2a13044be688464
- SHA1
  
  accca684a8508a6303ad7ea875654fe3fb3127f3
- SHA256
  
  6c4311d3fb40809b820a398f72d5004412a5fcedb5f027ab40df76954ddc6491
- SHA512
  
  86cd453b66b68773cf10458d1aceec50f4c981b46219b2963bef8b903d55eefa8b6ea93f468cbf650c707449e98fbf190aa15d1a99815051ce68c2f16b04b244
- SSDEEP
  
  12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dNNyX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwdWE6o
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Sets file execution options in registry
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware

© 2018-2024

Terms | Privacy