fakeav | f1f3c329f94ff158a4de98e7b02caac2e900cd2a2c0419f5e96dbd28ea34cd94 | Triage

Sharing

General

Target

f1f3c329f94ff158a4de98e7b02caac2e900cd2a2c0419f5e96dbd28ea34cd94
Size

812KB
Sample

210508-gje41kg52j
MD5

cf42a20b6911b0ed95b3856c792fe94a
SHA1

801c7f2d1326fa2b03aec5cd65630ad2ae4b252b
SHA256

f1f3c329f94ff158a4de98e7b02caac2e900cd2a2c0419f5e96dbd28ea34cd94
SHA512

ebbff1a1c2614d958973eb1b9b8b7f8ef2848e4dc276e7e886b24008a1bf73ae22df0be8d80a10e2dcbec52c5df2a1539ed44298aba689079248132a5556502c

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  f1f3c329f94ff158a4de98e7b02caac2e900cd2a2c0419f5e96dbd28ea34cd94
- Size
  
  812KB
- MD5
  
  cf42a20b6911b0ed95b3856c792fe94a
- SHA1
  
  801c7f2d1326fa2b03aec5cd65630ad2ae4b252b
- SHA256
  
  f1f3c329f94ff158a4de98e7b02caac2e900cd2a2c0419f5e96dbd28ea34cd94
- SHA512
  
  ebbff1a1c2614d958973eb1b9b8b7f8ef2848e4dc276e7e886b24008a1bf73ae22df0be8d80a10e2dcbec52c5df2a1539ed44298aba689079248132a5556502c
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware