fakeav | 613b0fad3020fdaf74a1f8404f9040ca2db38457b1ee7078c7e24e8e87c268b1 | Triage

Sharing

General

Target

613b0fad3020fdaf74a1f8404f9040ca2db38457b1ee7078c7e24e8e87c268b1
Size

812KB
Sample

210511-sjy44s6f9s
MD5

e9764667576a35a9cb3c0a8c514a9862
SHA1

18a37fc4b8c915f0ca04b8b7ae922569bde95959
SHA256

613b0fad3020fdaf74a1f8404f9040ca2db38457b1ee7078c7e24e8e87c268b1
SHA512

60eb63cc59fc31e8c761b2b57aaa414df74dcf726f53245957161a57678dc36c85235d344d89ceaf6f7efb7e2a5db0d478d9662eaef0a4ef767ce4b34a223cde

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  613b0fad3020fdaf74a1f8404f9040ca2db38457b1ee7078c7e24e8e87c268b1
- Size
  
  812KB
- MD5
  
  e9764667576a35a9cb3c0a8c514a9862
- SHA1
  
  18a37fc4b8c915f0ca04b8b7ae922569bde95959
- SHA256
  
  613b0fad3020fdaf74a1f8404f9040ca2db38457b1ee7078c7e24e8e87c268b1
- SHA512
  
  60eb63cc59fc31e8c761b2b57aaa414df74dcf726f53245957161a57678dc36c85235d344d89ceaf6f7efb7e2a5db0d478d9662eaef0a4ef767ce4b34a223cde
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware