fakeav | 1b8841a6a58e5c918c9de2b1383478d7fe7323db0be05e6bfaa91650bf916f46 | Triage

Sharing

General

Target

1b8841a6a58e5c918c9de2b1383478d7fe7323db0be05e6bfaa91650bf916f46
Size

711KB
Sample

210508-r1zvje28f2
MD5

9da7a8b5ff85ac1801225dcbb8ce4882
SHA1

ae9b0037bfa15632183b3c2b74d74c886b3df192
SHA256

1b8841a6a58e5c918c9de2b1383478d7fe7323db0be05e6bfaa91650bf916f46
SHA512

151e5f4282d614448beaa4241bb067e120616e8cfe46e9f2791a0e05995685833e0bbc2868b464ddb302f227536b297a5215efb62b2d4b4d8bcd56ffd12f1e5c

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  1b8841a6a58e5c918c9de2b1383478d7fe7323db0be05e6bfaa91650bf916f46
- Size
  
  711KB
- MD5
  
  9da7a8b5ff85ac1801225dcbb8ce4882
- SHA1
  
  ae9b0037bfa15632183b3c2b74d74c886b3df192
- SHA256
  
  1b8841a6a58e5c918c9de2b1383478d7fe7323db0be05e6bfaa91650bf916f46
- SHA512
  
  151e5f4282d614448beaa4241bb067e120616e8cfe46e9f2791a0e05995685833e0bbc2868b464ddb302f227536b297a5215efb62b2d4b4d8bcd56ffd12f1e5c
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware