fakeav | a074169b76098287cc9ab0feda1824741c929af20f35eac6e4459e48f604779f | Triage

Sharing

General

Target

a074169b76098287cc9ab0feda1824741c929af20f35eac6e4459e48f604779f
Size

711KB
Sample

210504-7h1mm3v5de
MD5

f6eca7e759fe95b4292b10e977d6c114
SHA1

135a65c760ca16260e17276837381a33af5a6759
SHA256

a074169b76098287cc9ab0feda1824741c929af20f35eac6e4459e48f604779f
SHA512

fd0c53c9f3e2b76f16dae81bc310c98b0b8fc24e5a4159dbff656d7abf648cbd8d6612586318d6399541df5a2765c0d2b0a48eafcfa86f8eebc549a352493dd4

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  a074169b76098287cc9ab0feda1824741c929af20f35eac6e4459e48f604779f
- Size
  
  711KB
- MD5
  
  f6eca7e759fe95b4292b10e977d6c114
- SHA1
  
  135a65c760ca16260e17276837381a33af5a6759
- SHA256
  
  a074169b76098287cc9ab0feda1824741c929af20f35eac6e4459e48f604779f
- SHA512
  
  fd0c53c9f3e2b76f16dae81bc310c98b0b8fc24e5a4159dbff656d7abf648cbd8d6612586318d6399541df5a2765c0d2b0a48eafcfa86f8eebc549a352493dd4
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware