fakeav | 464cbaeeff1c358d206867396bfcb402f105574e62d403b81dc1e895f3675b46 | Triage

Sharing

General

Target

464cbaeeff1c358d206867396bfcb402f105574e62d403b81dc1e895f3675b46
Size

1.6MB
Sample

210508-eeytr3kvdx
MD5

1b77c97f5da9633524d0741216d88717
SHA1

e70a75996905b45e495d0b9b5b17db0aa06ea94b
SHA256

464cbaeeff1c358d206867396bfcb402f105574e62d403b81dc1e895f3675b46
SHA512

56f1e17f8d705467a8c57c1e1976b8d58139f05acf91ac5586a46680632bea31a6472e217ed929c69e60456f7c44277728c88e09bbed39869933119a967d3915

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  464cbaeeff1c358d206867396bfcb402f105574e62d403b81dc1e895f3675b46
- Size
  
  1.6MB
- MD5
  
  1b77c97f5da9633524d0741216d88717
- SHA1
  
  e70a75996905b45e495d0b9b5b17db0aa06ea94b
- SHA256
  
  464cbaeeff1c358d206867396bfcb402f105574e62d403b81dc1e895f3675b46
- SHA512
  
  56f1e17f8d705467a8c57c1e1976b8d58139f05acf91ac5586a46680632bea31a6472e217ed929c69e60456f7c44277728c88e09bbed39869933119a967d3915
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware