fakeav | e8a1ea19dd90a86bffd7161dbcbad96ef7604517bdf90e2a78102eed4a70dc74 | Triage

Sharing

General

Target

e8a1ea19dd90a86bffd7161dbcbad96ef7604517bdf90e2a78102eed4a70dc74
Size

1.6MB
Sample

210509-ntkqy85cs6
MD5

23a1cfc71e3ce5c9b96a059cea03f194
SHA1

1c16f803fd115599f4d2c2322e009a8d38061c88
SHA256

e8a1ea19dd90a86bffd7161dbcbad96ef7604517bdf90e2a78102eed4a70dc74
SHA512

c499ee2194b18e91a37a3777c69872024438fdfdae97ec8c19b991d4eeaf0b35dbff7ece64b53146bab0e2a841161d3bb3ade4263d27621d977e15164a7957cf

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  e8a1ea19dd90a86bffd7161dbcbad96ef7604517bdf90e2a78102eed4a70dc74
- Size
  
  1.6MB
- MD5
  
  23a1cfc71e3ce5c9b96a059cea03f194
- SHA1
  
  1c16f803fd115599f4d2c2322e009a8d38061c88
- SHA256
  
  e8a1ea19dd90a86bffd7161dbcbad96ef7604517bdf90e2a78102eed4a70dc74
- SHA512
  
  c499ee2194b18e91a37a3777c69872024438fdfdae97ec8c19b991d4eeaf0b35dbff7ece64b53146bab0e2a841161d3bb3ade4263d27621d977e15164a7957cf
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware