fakeav | cb4c08e602daa7148384b9516847119e6512c0788a1c64ee4bd93f23131aa9b9 | Triage

Sharing

General

Target

cb4c08e602daa7148384b9516847119e6512c0788a1c64ee4bd93f23131aa9b9
Size

711KB
Sample

220309-fjpdfsdfe7
MD5

00bcbc40e6a81fb815f9ec9385ef377d
SHA1

bc30e3b70dd40eff87015551e4947ad604af35bf
SHA256

cb4c08e602daa7148384b9516847119e6512c0788a1c64ee4bd93f23131aa9b9
SHA512

3964c5f4aebb00126ee4318bb9ea79cf58b17788b5c2094509d6d794519ab6ef58ec3c604b69b3163a9861e3ef8bc1e66bcc8072e31a837681945b839029e008

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  cb4c08e602daa7148384b9516847119e6512c0788a1c64ee4bd93f23131aa9b9
- Size
  
  711KB
- MD5
  
  00bcbc40e6a81fb815f9ec9385ef377d
- SHA1
  
  bc30e3b70dd40eff87015551e4947ad604af35bf
- SHA256
  
  cb4c08e602daa7148384b9516847119e6512c0788a1c64ee4bd93f23131aa9b9
- SHA512
  
  3964c5f4aebb00126ee4318bb9ea79cf58b17788b5c2094509d6d794519ab6ef58ec3c604b69b3163a9861e3ef8bc1e66bcc8072e31a837681945b839029e008
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware