fakeav | 4ab762cafba773df75db301c03a6954c22e7bbbd40ea57cc809931feef64c908 | Triage

Sharing

General

Target

4ab762cafba773df75db301c03a6954c22e7bbbd40ea57cc809931feef64c908
Size

711KB
Sample

220301-h4sygsacfq
MD5

6d294bc8da276dc986f047130e11d6bc
SHA1

ba64def24e9db7f310e5d43d967b3d4093ef68d8
SHA256

4ab762cafba773df75db301c03a6954c22e7bbbd40ea57cc809931feef64c908
SHA512

0a7383bb3f7f28c7db7839323c90c2aa8c3b70eb3601f1736206d427929f0df3d29d42e2991bec11dcd773d83570227493684ebf77316aed1a31da1771bb2ce0

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  4ab762cafba773df75db301c03a6954c22e7bbbd40ea57cc809931feef64c908
- Size
  
  711KB
- MD5
  
  6d294bc8da276dc986f047130e11d6bc
- SHA1
  
  ba64def24e9db7f310e5d43d967b3d4093ef68d8
- SHA256
  
  4ab762cafba773df75db301c03a6954c22e7bbbd40ea57cc809931feef64c908
- SHA512
  
  0a7383bb3f7f28c7db7839323c90c2aa8c3b70eb3601f1736206d427929f0df3d29d42e2991bec11dcd773d83570227493684ebf77316aed1a31da1771bb2ce0
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware