fakeav | 35a6f62a8d341f6ec6697ded498e51665237186a264da8ea3ac661740d5868f9 | Triage

Sharing

General

Target

35a6f62a8d341f6ec6697ded498e51665237186a264da8ea3ac661740d5868f9
Size

1.6MB
Sample

210509-vk21mzp4qn
MD5

21beb95624a143b113992c6dd4ca84ab
SHA1

227fb178281b8b6f518acdd0297e7b447c9fc5fe
SHA256

35a6f62a8d341f6ec6697ded498e51665237186a264da8ea3ac661740d5868f9
SHA512

d3d3b6a8d727cf077e0c9c59b6e32bc48663bec7bc7190a66829b573e0770dbd30ca4954a4ed85c8bf94c637316b28c97c9b8afcedc7c1d553c4f6280db7c8d7

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  35a6f62a8d341f6ec6697ded498e51665237186a264da8ea3ac661740d5868f9
- Size
  
  1.6MB
- MD5
  
  21beb95624a143b113992c6dd4ca84ab
- SHA1
  
  227fb178281b8b6f518acdd0297e7b447c9fc5fe
- SHA256
  
  35a6f62a8d341f6ec6697ded498e51665237186a264da8ea3ac661740d5868f9
- SHA512
  
  d3d3b6a8d727cf077e0c9c59b6e32bc48663bec7bc7190a66829b573e0770dbd30ca4954a4ed85c8bf94c637316b28c97c9b8afcedc7c1d553c4f6280db7c8d7
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware