fakeav | fed75b2c04e61ca3d493e395fdb983d0b087d664acac80007a4d5bf6d3b9e383 | Triage

Sharing

General

Target

fed75b2c04e61ca3d493e395fdb983d0b087d664acac80007a4d5bf6d3b9e383
Size

1.6MB
Sample

210509-91b26cfn8a
MD5

a02cca2a2b6923ccf73c425d70b73a0b
SHA1

309e6957504f182678549d0bc05b1581306b2b71
SHA256

fed75b2c04e61ca3d493e395fdb983d0b087d664acac80007a4d5bf6d3b9e383
SHA512

8e77bdc5e040c69a06614ebff158dbcb43ac212c8ddfc9a8dd71e57c11626aaf5fff65c9d2cfc8d0ecc7a86a23576146392fba61f77505b82e7c1accfeef8e17

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  fed75b2c04e61ca3d493e395fdb983d0b087d664acac80007a4d5bf6d3b9e383
- Size
  
  1.6MB
- MD5
  
  a02cca2a2b6923ccf73c425d70b73a0b
- SHA1
  
  309e6957504f182678549d0bc05b1581306b2b71
- SHA256
  
  fed75b2c04e61ca3d493e395fdb983d0b087d664acac80007a4d5bf6d3b9e383
- SHA512
  
  8e77bdc5e040c69a06614ebff158dbcb43ac212c8ddfc9a8dd71e57c11626aaf5fff65c9d2cfc8d0ecc7a86a23576146392fba61f77505b82e7c1accfeef8e17
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware