fakeav | 21705344fed8a60c329fa0daae82f133cd7af70d563df1bc6ce5d79d66f4e1df | Triage

Sharing

General

Target

b2ce33a1fbc3e1eb535eafa0c78a7563
Size

9.0MB
Sample

201214-dwwmep3w9j
MD5

b2ce33a1fbc3e1eb535eafa0c78a7563
SHA1

5fe94084f917195d747ad8bf058613bb50b1039e
SHA256

21705344fed8a60c329fa0daae82f133cd7af70d563df1bc6ce5d79d66f4e1df
SHA512

da39b3621ec349196d2e65828dbd4b5d57bc3eb407cdcdfbeab4b4eee6947cbe1f9a4e4bdbc01bb65299a11f5eb6c12edce810b1b30bd84525a842fbda0741e0

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  b2ce33a1fbc3e1eb535eafa0c78a7563
- Size
  
  9.0MB
- MD5
  
  b2ce33a1fbc3e1eb535eafa0c78a7563
- SHA1
  
  5fe94084f917195d747ad8bf058613bb50b1039e
- SHA256
  
  21705344fed8a60c329fa0daae82f133cd7af70d563df1bc6ce5d79d66f4e1df
- SHA512
  
  da39b3621ec349196d2e65828dbd4b5d57bc3eb407cdcdfbeab4b4eee6947cbe1f9a4e4bdbc01bb65299a11f5eb6c12edce810b1b30bd84525a842fbda0741e0
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware