fakeav | be5aaabf92f88403440358624b441487fc849db235cb1fad2984ed210432fb55 | Triage

Sharing

General

Target

be5aaabf92f88403440358624b441487fc849db235cb1fad2984ed210432fb55
Size

812KB
Sample

210509-kszawdz6ej
MD5

2bb681ebce8b99203e451c98475e6468
SHA1

b045d467e682b33b5f7f068aecb9620ad7910141
SHA256

be5aaabf92f88403440358624b441487fc849db235cb1fad2984ed210432fb55
SHA512

96bfb9506ac1b4d99d048978fe94ec801cddfffdc50817ea571d19a963a16b5e0e506dc7b341501b284e1d6d934654c87fed4901a9089a006b2b7f0cd361ac8b

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  be5aaabf92f88403440358624b441487fc849db235cb1fad2984ed210432fb55
- Size
  
  812KB
- MD5
  
  2bb681ebce8b99203e451c98475e6468
- SHA1
  
  b045d467e682b33b5f7f068aecb9620ad7910141
- SHA256
  
  be5aaabf92f88403440358624b441487fc849db235cb1fad2984ed210432fb55
- SHA512
  
  96bfb9506ac1b4d99d048978fe94ec801cddfffdc50817ea571d19a963a16b5e0e506dc7b341501b284e1d6d934654c87fed4901a9089a006b2b7f0cd361ac8b
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware