fakeav | d04566bf39853e15911a08dab89a1b02df58ecda71b2f8598f60ea193655ab0f | Triage

Sharing

General

Target

d04566bf39853e15911a08dab89a1b02df58ecda71b2f8598f60ea193655ab0f
Size

711KB
Sample

220309-feenfsdeh9
MD5

0109045c368c5e8d9144dd876d6d4e50
SHA1

981a1f5571e0a70ec8d8aa433b9927f73a880877
SHA256

d04566bf39853e15911a08dab89a1b02df58ecda71b2f8598f60ea193655ab0f
SHA512

e64cfe5f0923e403e7e9daeba0d7d8d7b79d6b3183f9b00a1e6a2ddf2cd9597bd3f8b987f6d9b39420cd39ff7293a4d6e32c0a0fd6cdd2d9bd6ce867f2f465ed

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  d04566bf39853e15911a08dab89a1b02df58ecda71b2f8598f60ea193655ab0f
- Size
  
  711KB
- MD5
  
  0109045c368c5e8d9144dd876d6d4e50
- SHA1
  
  981a1f5571e0a70ec8d8aa433b9927f73a880877
- SHA256
  
  d04566bf39853e15911a08dab89a1b02df58ecda71b2f8598f60ea193655ab0f
- SHA512
  
  e64cfe5f0923e403e7e9daeba0d7d8d7b79d6b3183f9b00a1e6a2ddf2cd9597bd3f8b987f6d9b39420cd39ff7293a4d6e32c0a0fd6cdd2d9bd6ce867f2f465ed
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware