fakeav | 065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361 | Triage

Resubmissions

11-05-2021 12:48

210511-32gzd4xhdj 10

11-05-2021 12:45

210511-vw3tn1wp3n 10

Sharing

General

Target

065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361
Size

711KB
Sample

210511-vw3tn1wp3n
MD5

257108b962b0b824f0324915284b367b
SHA1

0361039a5b893b8789d5af611ddd68bef18c2bf0
SHA256

065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361
SHA512

6d2560de16e1f6a75759722aabbf85c12022fee1fa2ba58e5ea1a72d6ba6557862ea3be299214ea2e04c2ca9e2e8f84567565db3fb38bce14b35c0ca93337950

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361
- Size
  
  711KB
- MD5
  
  257108b962b0b824f0324915284b367b
- SHA1
  
  0361039a5b893b8789d5af611ddd68bef18c2bf0
- SHA256
  
  065f0e39d74bcce0cdfb4cddc9a1a287c4a9f3473152398b5f24e477f80ad361
- SHA512
  
  6d2560de16e1f6a75759722aabbf85c12022fee1fa2ba58e5ea1a72d6ba6557862ea3be299214ea2e04c2ca9e2e8f84567565db3fb38bce14b35c0ca93337950
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware