fakeav | efc461295d948dc8a0ca95620f9f4a2f2cec4e521b23d66d688cb8ba18ba88bb | Triage

Sharing

General

Target

efc461295d948dc8a0ca95620f9f4a2f2cec4e521b23d66d688cb8ba18ba88bb
Size

711KB
Sample

210518-7355g46hhn
MD5

41ead8ae1510b4bec7afcd3c514ce264
SHA1

efd9b835ac3a9e9fc411266d7ac9f75c91f9c42a
SHA256

efc461295d948dc8a0ca95620f9f4a2f2cec4e521b23d66d688cb8ba18ba88bb
SHA512

00f1a9a4632c655c1b8897feaa3b7444542b550dff9b78d3f253232a79821568223fe391f2342437d00f8d64d9b960553def5fb2248995cc9046c4006a699ee2

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  efc461295d948dc8a0ca95620f9f4a2f2cec4e521b23d66d688cb8ba18ba88bb
- Size
  
  711KB
- MD5
  
  41ead8ae1510b4bec7afcd3c514ce264
- SHA1
  
  efd9b835ac3a9e9fc411266d7ac9f75c91f9c42a
- SHA256
  
  efc461295d948dc8a0ca95620f9f4a2f2cec4e521b23d66d688cb8ba18ba88bb
- SHA512
  
  00f1a9a4632c655c1b8897feaa3b7444542b550dff9b78d3f253232a79821568223fe391f2342437d00f8d64d9b960553def5fb2248995cc9046c4006a699ee2
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware