fakeav | ff0e73af8360461cc6e8325e3235a6daf85b94c103a4c96ec7c311e182e9225c | Triage

Sharing

General

Target

ff0e73af8360461cc6e8325e3235a6daf85b94c103a4c96ec7c311e182e9225c
Size

1.6MB
Sample

210518-vrxeh2hv3s
MD5

a07b6296c1058f7eca56ebcf82b12197
SHA1

0a5ad9c772b9ea0d0deeff77ca8d1b4305e782e3
SHA256

ff0e73af8360461cc6e8325e3235a6daf85b94c103a4c96ec7c311e182e9225c
SHA512

d303c759027c4c6cdcf1ed226126eb44a9756d31fd502f586038af0d49a0e881a63e1ac5bed678d24648edc4d691ab5259ec2cd91174c356b5591f27014f1ed8

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  ff0e73af8360461cc6e8325e3235a6daf85b94c103a4c96ec7c311e182e9225c
- Size
  
  1.6MB
- MD5
  
  a07b6296c1058f7eca56ebcf82b12197
- SHA1
  
  0a5ad9c772b9ea0d0deeff77ca8d1b4305e782e3
- SHA256
  
  ff0e73af8360461cc6e8325e3235a6daf85b94c103a4c96ec7c311e182e9225c
- SHA512
  
  d303c759027c4c6cdcf1ed226126eb44a9756d31fd502f586038af0d49a0e881a63e1ac5bed678d24648edc4d691ab5259ec2cd91174c356b5591f27014f1ed8
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware