fakeav | bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051 | Triage

Sharing

General

Target

bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051
Size

711KB
Sample

210509-kamgx41qqx
MD5

fb4324105b8a7af417163d6204a695b9
SHA1

d266ff18e1603afb8e5e3eb8c5767746e40d2a16
SHA256

bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051
SHA512

572fa4a03354540d8fd32113d2cfca69256c76d0cabd619bbf3b0715d6bc642cf4d545149af492a857458a3d92337bdf8b391bbdaabab4698d698eebf3b43a0f

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051
- Size
  
  711KB
- MD5
  
  fb4324105b8a7af417163d6204a695b9
- SHA1
  
  d266ff18e1603afb8e5e3eb8c5767746e40d2a16
- SHA256
  
  bc4e3205fd8f82aa435a4a340c6e297b178eca97539b9086b2ccd6d858cf5051
- SHA512
  
  572fa4a03354540d8fd32113d2cfca69256c76d0cabd619bbf3b0715d6bc642cf4d545149af492a857458a3d92337bdf8b391bbdaabab4698d698eebf3b43a0f
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware