fakeav | 2b4aaddb878cef7e9f328ff83d4a09fcf241777e6e8b430635822643667201d1 | Triage

Sharing

General

Target

953c2f4ec0e5a7a97506cab6cde74053
Size

711KB
Sample

201214-gb8bnjptrj
MD5

953c2f4ec0e5a7a97506cab6cde74053
SHA1

fd6932917b142e10fe3eeac4309cf9e8e8537dbb
SHA256

2b4aaddb878cef7e9f328ff83d4a09fcf241777e6e8b430635822643667201d1
SHA512

45b6e761c0e640adb450108207f5778ff71ae442664162f61623e695c4278ac159a93b24fc2698caea12de14cd4f843c69d987d56825102f0f195654e5047099

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  953c2f4ec0e5a7a97506cab6cde74053
- Size
  
  711KB
- MD5
  
  953c2f4ec0e5a7a97506cab6cde74053
- SHA1
  
  fd6932917b142e10fe3eeac4309cf9e8e8537dbb
- SHA256
  
  2b4aaddb878cef7e9f328ff83d4a09fcf241777e6e8b430635822643667201d1
- SHA512
  
  45b6e761c0e640adb450108207f5778ff71ae442664162f61623e695c4278ac159a93b24fc2698caea12de14cd4f843c69d987d56825102f0f195654e5047099
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware