fakeav | ba4de393bfe6ecb7eb897c7fa6585dd1f5328b3dbb321821f5d451d95979f214 | Triage

Sharing

General

Target

ba4de393bfe6ecb7eb897c7fa6585dd1f5328b3dbb321821f5d451d95979f214
Size

711KB
Sample

220309-f1b5fsdhb4
MD5

00a3f98893a09e3d2d24b71d28c5b1ad
SHA1

a6c56cd9b3dfdf720b67fe88e32b34974bccf187
SHA256

ba4de393bfe6ecb7eb897c7fa6585dd1f5328b3dbb321821f5d451d95979f214
SHA512

b751392c6c08154ed49338214b61f9deb3dd2f56345c8758e98f3c3ec9f28d2b9f956359496f27921d175b3dca05be6251d076c25bf4d58a06fbcd92db0985dd

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  ba4de393bfe6ecb7eb897c7fa6585dd1f5328b3dbb321821f5d451d95979f214
- Size
  
  711KB
- MD5
  
  00a3f98893a09e3d2d24b71d28c5b1ad
- SHA1
  
  a6c56cd9b3dfdf720b67fe88e32b34974bccf187
- SHA256
  
  ba4de393bfe6ecb7eb897c7fa6585dd1f5328b3dbb321821f5d451d95979f214
- SHA512
  
  b751392c6c08154ed49338214b61f9deb3dd2f56345c8758e98f3c3ec9f28d2b9f956359496f27921d175b3dca05be6251d076c25bf4d58a06fbcd92db0985dd
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware