fakeav | ee9ca58da73b9c0eae2dc512d655c4f98ee0d8c47b34bf8c9633ddeff206f485 | Triage

Submit
Reports

Overview

overview

Static

static

ee9ca58da7...85.exe

windows7-x64

ee9ca58da7...85.exe

windows10-2004-x64

Sharing

General

Target

ee9ca58da73b9c0eae2dc512d655c4f98ee0d8c47b34bf8c9633ddeff206f485
Size

724KB
Sample

240831-eskk7avfqk
MD5

348b169feafb518c5b184cd102f9ecb4
SHA1

b034a348346fb3f8cf36eda365adec520aaf39a9
SHA256

ee9ca58da73b9c0eae2dc512d655c4f98ee0d8c47b34bf8c9633ddeff206f485
SHA512

f131d6dd8b438a4ff4a15a43ff502ff63565e75db22f121397a17372ee491933a4772b50ab92cf11447b4e6c254bc786fea569374587cb3c363b25f77f96612d
SSDEEP

12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dXNqTX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd2E6o

Score

10^/10

fakeav discovery fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

ee9ca58da73b9c0eae2dc512d655c4f98ee0d8c47b34bf8c9633ddeff206f485.exe

Resource

win7-20240705-en

fakeav discovery fakeav persistence spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ee9ca58da73b9c0eae2dc512d655c4f98ee0d8c47b34bf8c9633ddeff206f485.exe

Resource

win10v2004-20240802-en

fakeav discovery fakeav persistence spyware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  ee9ca58da73b9c0eae2dc512d655c4f98ee0d8c47b34bf8c9633ddeff206f485
- Size
  
  724KB
- MD5
  
  348b169feafb518c5b184cd102f9ecb4
- SHA1
  
  b034a348346fb3f8cf36eda365adec520aaf39a9
- SHA256
  
  ee9ca58da73b9c0eae2dc512d655c4f98ee0d8c47b34bf8c9633ddeff206f485
- SHA512
  
  f131d6dd8b438a4ff4a15a43ff502ff63565e75db22f121397a17372ee491933a4772b50ab92cf11447b4e6c254bc786fea569374587cb3c363b25f77f96612d
- SSDEEP
  
  12288:lB6jfu9W5qVnpA1P9mTx87m7HGA04OBGaSuQalOZeW0dXNqTX+pd167QhEQJ:n67MnVnpA1lmTx8MmA07AaSuDSwd2E6o
Score

10^/10

fakeav discovery fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavdiscoveryfakeavpersistencespyware

behavioral2

fakeavdiscoveryfakeavpersistencespyware

© 2018-2025

Terms | Privacy