fakeav | a981cbb8fb24e2f1b71a17fcd7e8626ee4708fa770e5f71eb68ff1c75348aeab | Triage

Sharing

General

Target

a981cbb8fb24e2f1b71a17fcd7e8626ee4708fa770e5f71eb68ff1c75348aeab
Size

711KB
Sample

210511-f91gsdfb5e
MD5

f58cbd9eb7a42f7b0fda1d9d1dc598f1
SHA1

e45ac68b45a90348b550a7be5ac7ab7d7e837398
SHA256

a981cbb8fb24e2f1b71a17fcd7e8626ee4708fa770e5f71eb68ff1c75348aeab
SHA512

05b8ff8e36d93fd02f8b3d4e0059a2d0ea6ccce8e69dbe7545f4cff5866f1dee73593850c755474e2a39e13d407a006b0cfc4cb61e21243f166ce12f2475f931

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  a981cbb8fb24e2f1b71a17fcd7e8626ee4708fa770e5f71eb68ff1c75348aeab
- Size
  
  711KB
- MD5
  
  f58cbd9eb7a42f7b0fda1d9d1dc598f1
- SHA1
  
  e45ac68b45a90348b550a7be5ac7ab7d7e837398
- SHA256
  
  a981cbb8fb24e2f1b71a17fcd7e8626ee4708fa770e5f71eb68ff1c75348aeab
- SHA512
  
  05b8ff8e36d93fd02f8b3d4e0059a2d0ea6ccce8e69dbe7545f4cff5866f1dee73593850c755474e2a39e13d407a006b0cfc4cb61e21243f166ce12f2475f931
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware