fakeav | e4a6d2029c14a2204b48435061d375b281120842fd749f9e7530373acea1068a | Triage

Sharing

General

Target

e4a6d2029c14a2204b48435061d375b281120842fd749f9e7530373acea1068a
Size

711KB
Sample

220309-et2absgbal
MD5

00eb557587c4c41da0e631336585c961
SHA1

7b5ea3616953aec2355dbca6a7502d226a0068cb
SHA256

e4a6d2029c14a2204b48435061d375b281120842fd749f9e7530373acea1068a
SHA512

5e775ceb565c4ca447d1edbd6fc21de03292d1ea916f12f4d9fed957bef8c410683b5b8e683f81f275fe9fd6eb42d7ff7102fbc59a810fb2fbb38a649fedb9cc

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  e4a6d2029c14a2204b48435061d375b281120842fd749f9e7530373acea1068a
- Size
  
  711KB
- MD5
  
  00eb557587c4c41da0e631336585c961
- SHA1
  
  7b5ea3616953aec2355dbca6a7502d226a0068cb
- SHA256
  
  e4a6d2029c14a2204b48435061d375b281120842fd749f9e7530373acea1068a
- SHA512
  
  5e775ceb565c4ca447d1edbd6fc21de03292d1ea916f12f4d9fed957bef8c410683b5b8e683f81f275fe9fd6eb42d7ff7102fbc59a810fb2fbb38a649fedb9cc
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware