fakeav | 0fabb0e97c85da5b50db6b60cfd829af37ea32123314aea18dbb6d1a6b9d1346 | Triage

Sharing

General

Target

0fabb0e97c85da5b50db6b60cfd829af37ea32123314aea18dbb6d1a6b9d1346
Size

812KB
Sample

201108-2nsrs957ke
MD5

e52d504a4553daa91f238e8b5bc1b505
SHA1

e369974decd386dfcf722ba5864eb1a371c066a7
SHA256

0fabb0e97c85da5b50db6b60cfd829af37ea32123314aea18dbb6d1a6b9d1346
SHA512

e89cb94cd981261550557b8cc000d17e8d25f569659dc7e22b1f75fe8ec4020a2880b8c6c05c1035f01e2b63e463efad16b7cac63ea77d079e5b03547e5f3c54

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  0fabb0e97c85da5b50db6b60cfd829af37ea32123314aea18dbb6d1a6b9d1346
- Size
  
  812KB
- MD5
  
  e52d504a4553daa91f238e8b5bc1b505
- SHA1
  
  e369974decd386dfcf722ba5864eb1a371c066a7
- SHA256
  
  0fabb0e97c85da5b50db6b60cfd829af37ea32123314aea18dbb6d1a6b9d1346
- SHA512
  
  e89cb94cd981261550557b8cc000d17e8d25f569659dc7e22b1f75fe8ec4020a2880b8c6c05c1035f01e2b63e463efad16b7cac63ea77d079e5b03547e5f3c54
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware