fakeav | 65d63e7bdf11bf8b05fc29cbb8e7aa43bb116fbcc9fc7ab191c24452125a7f9e | Triage

Sharing

General

Target

65d63e7bdf11bf8b05fc29cbb8e7aa43bb116fbcc9fc7ab191c24452125a7f9e
Size

1.6MB
Sample

220301-faqj6aheel
MD5

7565499c160eae8c09f327e8bcab387f
SHA1

38070cc631c99f81c2c0ba05a44f0c23503fb96f
SHA256

65d63e7bdf11bf8b05fc29cbb8e7aa43bb116fbcc9fc7ab191c24452125a7f9e
SHA512

933f7f32f454eac21c1a24b8b576d22f4dcc8a479085e9c6b849f4c94fb415efa1aaeed93d8d2797faaf28bb9e07133bcd02d35d57c8c8d2179ee695dc9c22e8

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  65d63e7bdf11bf8b05fc29cbb8e7aa43bb116fbcc9fc7ab191c24452125a7f9e
- Size
  
  1.6MB
- MD5
  
  7565499c160eae8c09f327e8bcab387f
- SHA1
  
  38070cc631c99f81c2c0ba05a44f0c23503fb96f
- SHA256
  
  65d63e7bdf11bf8b05fc29cbb8e7aa43bb116fbcc9fc7ab191c24452125a7f9e
- SHA512
  
  933f7f32f454eac21c1a24b8b576d22f4dcc8a479085e9c6b849f4c94fb415efa1aaeed93d8d2797faaf28bb9e07133bcd02d35d57c8c8d2179ee695dc9c22e8
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware