fakeav | dd7527017c77d9af5a1f99b01565d0d0906581c9868c01c54192a0f5f20c7540 | Triage

Submit
Reports

Overview

overview

Static

static

09642ca6ae...18.exe

windows7-x64

09642ca6ae...18.exe

windows10-2004-x64

Sharing

General

Target

09642ca6aee9c9ea7961cc94b2a5b3ce_JaffaCakes118
Size

4.2MB
Sample

241002-hkab2awdje
MD5

09642ca6aee9c9ea7961cc94b2a5b3ce
SHA1

84aa7aabec3e5caa66de392ffe9bd6bf1b5fa826
SHA256

dd7527017c77d9af5a1f99b01565d0d0906581c9868c01c54192a0f5f20c7540
SHA512

911d824616a4abe9121edd83bac0efeadb1984a11e50cb061d2c5cc0eb8e6ad55c83e7994b61c20a852ef8645ea1450b5f1a9e4bb2b0edc072d10829f94255c7
SSDEEP

49152:67N1ahCM0V7N1ahCl0V7N1ahCv0V7N1ahCF0V7N1ahCR0V7N1ahCD0:6757Y7y747E7

Score

10^/10

fakeav discovery fakeav persistence spyware

Static task

static1

fakeav spyware fakeav

3 signatures

Behavioral task

behavioral1

Sample

09642ca6aee9c9ea7961cc94b2a5b3ce_JaffaCakes118.exe

Resource

win7-20240903-en

fakeav discovery fakeav persistence spyware

windows7-x64

13 signatures

150 seconds

Behavioral task

behavioral2

Sample

09642ca6aee9c9ea7961cc94b2a5b3ce_JaffaCakes118.exe

Resource

win10v2004-20240802-en

fakeav discovery fakeav persistence spyware

windows10-2004-x64

13 signatures

150 seconds

Malware Config

Targets

- Target
  
  09642ca6aee9c9ea7961cc94b2a5b3ce_JaffaCakes118
- Size
  
  4.2MB
- MD5
  
  09642ca6aee9c9ea7961cc94b2a5b3ce
- SHA1
  
  84aa7aabec3e5caa66de392ffe9bd6bf1b5fa826
- SHA256
  
  dd7527017c77d9af5a1f99b01565d0d0906581c9868c01c54192a0f5f20c7540
- SHA512
  
  911d824616a4abe9121edd83bac0efeadb1984a11e50cb061d2c5cc0eb8e6ad55c83e7994b61c20a852ef8645ea1450b5f1a9e4bb2b0edc072d10829f94255c7
- SSDEEP
  
  49152:67N1ahCM0V7N1ahCl0V7N1ahCv0V7N1ahCF0V7N1ahCR0V7N1ahCD0:6757Y7y747E7
Score

10^/10

fakeav discovery fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Event Triggered Execution: Image File Execution Options Injection
  persistence
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Event Triggered Execution

Image File Execution Options Injection

Defense Evasion

Modify Registry

Credential Access

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavdiscoveryfakeavpersistencespyware

behavioral2

fakeavdiscoveryfakeavpersistencespyware

© 2018-2024

Terms | Privacy