fakeav | f365038dfc175774ccaf518caf11e1d0dbddc96709ada172325ae090e5f2a723 | Triage

Sharing

General

Target

f365038dfc175774ccaf518caf11e1d0dbddc96709ada172325ae090e5f2a723
Size

711KB
Sample

210511-zd5zcvgaga
MD5

9e4f24f2c55228e72c7426d8df4659a3
SHA1

85a6c908a4e4b31c07c72dfd96f1c29e0f074cf6
SHA256

f365038dfc175774ccaf518caf11e1d0dbddc96709ada172325ae090e5f2a723
SHA512

54cef7af7753519f1088ecc66340f2ee50a06c61639770436450bd6a1490788e60070f0c6f99ba07ebe6c1621ae07208317ee94cba69ee45bd23c6b6b89790a7

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  f365038dfc175774ccaf518caf11e1d0dbddc96709ada172325ae090e5f2a723
- Size
  
  711KB
- MD5
  
  9e4f24f2c55228e72c7426d8df4659a3
- SHA1
  
  85a6c908a4e4b31c07c72dfd96f1c29e0f074cf6
- SHA256
  
  f365038dfc175774ccaf518caf11e1d0dbddc96709ada172325ae090e5f2a723
- SHA512
  
  54cef7af7753519f1088ecc66340f2ee50a06c61639770436450bd6a1490788e60070f0c6f99ba07ebe6c1621ae07208317ee94cba69ee45bd23c6b6b89790a7
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware