fakeav | 4bd8fd3095a6fb36a8c0147c6421f3a504b8eb25fa90fd417d5f629baea59b5d | Triage

Submit
Reports

Overview

overview

Static

static

ca85703c7b...ea.exe

windows7-x64

ca85703c7b...ea.exe

windows10-2004-x64

Sharing

General

Target

31d7c4311faf8266e8cfc6b53d212adb.zip
Size

561KB
Sample

240901-hfh4davbpf
MD5

f210cc91f5670f7ef17f7a6b9864c6df
SHA1

2f90b38db0f6766c8a088610ec93c694dd1d5f71
SHA256

4bd8fd3095a6fb36a8c0147c6421f3a504b8eb25fa90fd417d5f629baea59b5d
SHA512

021db1e3f6f3935474058766e449e8cd19838d5f38f82a4f786ff19106bdc5af98ec5fce84300ad3633177d18d2922adde5f19549818bf4e6dedb913dae3a877
SSDEEP

12288:diqxFgkZetJS/fV5Vwn+aqfg+dIus33+ybD2Ome0pQbVtxQI4:dRstc/D1xf9dInOyBmeKQbyI4

Score

10^/10

fakeav discovery fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

ca85703c7be548920c84f7672b7dc669be5733351b878d594df0c8af343bb5ea.exe

Resource

win7-20240704-en

fakeav discovery fakeav persistence spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

ca85703c7be548920c84f7672b7dc669be5733351b878d594df0c8af343bb5ea.exe

Resource

win10v2004-20240802-en

fakeav discovery fakeav persistence spyware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  ca85703c7be548920c84f7672b7dc669be5733351b878d594df0c8af343bb5ea
- Size
  
  1024KB
- MD5
  
  31d7c4311faf8266e8cfc6b53d212adb
- SHA1
  
  00ea5baf6a504a46ce4227416dd9ba4e11e53510
- SHA256
  
  ca85703c7be548920c84f7672b7dc669be5733351b878d594df0c8af343bb5ea
- SHA512
  
  15941fac44d24d5214f10e95f06e0f5ec7606ca267bd7772435a50f66c816bb2cd2bda947baa2a802f3898f8f8c389245d8a5bed4ac00115cbcfd34d02ff1b51
- SSDEEP
  
  24576:n67MnVnpA1lmTx8MmA07AaSuDSwdDE6EhDK67MnVnpA1lmTx8w:67N1ahC10V7N1S
Score

10^/10

fakeav discovery fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavdiscoveryfakeavpersistencespyware

behavioral2

fakeavdiscoveryfakeavpersistencespyware

© 2018-2024

Terms | Privacy