fakeav | 03027e10544db135a96449ee288f5f96e8f084e9ac674fd64ca11db77c8a0000 | Triage

Sharing

General

Target

03027e10544db135a96449ee288f5f96e8f084e9ac674fd64ca11db77c8a0000
Size

812KB
Sample

220225-hkj68sfce8
MD5

ae2625b2b29c3f0fba9ef88dc8d18eeb
SHA1

61613b693f7654f85dd78c9317ef81b046569a54
SHA256

03027e10544db135a96449ee288f5f96e8f084e9ac674fd64ca11db77c8a0000
SHA512

f1e3156fbdc049431b6fd71d6e4b9a1f2a1f4159e1500d22f9b85d5c094314740c6d9c934edd88922981e5eb7fe45b5b49a1953d83c8ef2d8e7d0e1c3e00af48

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  03027e10544db135a96449ee288f5f96e8f084e9ac674fd64ca11db77c8a0000
- Size
  
  812KB
- MD5
  
  ae2625b2b29c3f0fba9ef88dc8d18eeb
- SHA1
  
  61613b693f7654f85dd78c9317ef81b046569a54
- SHA256
  
  03027e10544db135a96449ee288f5f96e8f084e9ac674fd64ca11db77c8a0000
- SHA512
  
  f1e3156fbdc049431b6fd71d6e4b9a1f2a1f4159e1500d22f9b85d5c094314740c6d9c934edd88922981e5eb7fe45b5b49a1953d83c8ef2d8e7d0e1c3e00af48
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware