fakeav | 5c726df30e5687619d85e5fd1a17e620f387b7a66934eca1e033db11d35f6ce3 | Triage

Sharing

General

Target

83a813b3de1ad4b803fe29705d2142c0
Size

1.6MB
Sample

201214-ysc62hah6e
MD5

83a813b3de1ad4b803fe29705d2142c0
SHA1

4fca64043da75764db7887dcf09022e6c8b493d6
SHA256

5c726df30e5687619d85e5fd1a17e620f387b7a66934eca1e033db11d35f6ce3
SHA512

9533abc240b7326b2b2bb4f1a8e051fd4dcf83c27da857be9d2bcc5113dad6fe22564054935a703fdd2eec033227e8771087de3629d80b424d228faf8cf45e1c

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  83a813b3de1ad4b803fe29705d2142c0
- Size
  
  1.6MB
- MD5
  
  83a813b3de1ad4b803fe29705d2142c0
- SHA1
  
  4fca64043da75764db7887dcf09022e6c8b493d6
- SHA256
  
  5c726df30e5687619d85e5fd1a17e620f387b7a66934eca1e033db11d35f6ce3
- SHA512
  
  9533abc240b7326b2b2bb4f1a8e051fd4dcf83c27da857be9d2bcc5113dad6fe22564054935a703fdd2eec033227e8771087de3629d80b424d228faf8cf45e1c
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware