fakeav | 40185de4b80e4a8d77d875162096ee777f2b48a7084ac3ba04c0d9ed85448c1f | Triage

Sharing

General

Target

40185de4b80e4a8d77d875162096ee777f2b48a7084ac3ba04c0d9ed85448c1f
Size

812KB
Sample

210509-m3n32rvpln
MD5

ecb850fa40e860bce870f9b26e66c32b
SHA1

4319104cac3100b9c763f914cd53b0ec090d4557
SHA256

40185de4b80e4a8d77d875162096ee777f2b48a7084ac3ba04c0d9ed85448c1f
SHA512

b658d5861f6a733326d063b2c66aa9db162b895cf2fc6ee77e8680f897eebfa6ae71df91ab31e2f6b459e87d4e75155411556bb89bd990e33baddff4316ef503

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  40185de4b80e4a8d77d875162096ee777f2b48a7084ac3ba04c0d9ed85448c1f
- Size
  
  812KB
- MD5
  
  ecb850fa40e860bce870f9b26e66c32b
- SHA1
  
  4319104cac3100b9c763f914cd53b0ec090d4557
- SHA256
  
  40185de4b80e4a8d77d875162096ee777f2b48a7084ac3ba04c0d9ed85448c1f
- SHA512
  
  b658d5861f6a733326d063b2c66aa9db162b895cf2fc6ee77e8680f897eebfa6ae71df91ab31e2f6b459e87d4e75155411556bb89bd990e33baddff4316ef503
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware