fakeav | bb99a6d992f6b89bb53cc6101f1abb8e8f8168e9f3e788e5542dcf598674ff44 | Triage

Sharing

General

Target

bb99a6d992f6b89bb53cc6101f1abb8e8f8168e9f3e788e5542dcf598674ff44
Size

711KB
Sample

210508-4prh8mjy62
MD5

bf0fbbb69d4a64d11a2f296720864699
SHA1

2bd682ea9a526e8a74d8f9134773846e3098886b
SHA256

bb99a6d992f6b89bb53cc6101f1abb8e8f8168e9f3e788e5542dcf598674ff44
SHA512

17b659053506157b4013789b27d238abe12e12c40669bdee82ee0b7d30ee1738e304e46c57a71e9355925af12ad54145f62224308f489d5e4cf4bc93402b518f

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  bb99a6d992f6b89bb53cc6101f1abb8e8f8168e9f3e788e5542dcf598674ff44
- Size
  
  711KB
- MD5
  
  bf0fbbb69d4a64d11a2f296720864699
- SHA1
  
  2bd682ea9a526e8a74d8f9134773846e3098886b
- SHA256
  
  bb99a6d992f6b89bb53cc6101f1abb8e8f8168e9f3e788e5542dcf598674ff44
- SHA512
  
  17b659053506157b4013789b27d238abe12e12c40669bdee82ee0b7d30ee1738e304e46c57a71e9355925af12ad54145f62224308f489d5e4cf4bc93402b518f
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware