fakeav | 1baab834cca89056db8f936e2f3e20108363eacc40ba629480e43277da60e634 | Triage

Sharing

General

Target

1baab834cca89056db8f936e2f3e20108363eacc40ba629480e43277da60e634
Size

711KB
Sample

220309-lda7jagae2
MD5

00d139a33c0626d2c987d22c21f37171
SHA1

3e55cfeed36c2f36952e0025aa5f56e3fcef027e
SHA256

1baab834cca89056db8f936e2f3e20108363eacc40ba629480e43277da60e634
SHA512

48909d342511f0e11f3cdd53b5bea1982ee12e3c81ecdb62b730cb1cfc637d441f4a1df3c0108f6c1cf44a04512ec94ff4d6e5f13b059cc67212028660a066c5

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  1baab834cca89056db8f936e2f3e20108363eacc40ba629480e43277da60e634
- Size
  
  711KB
- MD5
  
  00d139a33c0626d2c987d22c21f37171
- SHA1
  
  3e55cfeed36c2f36952e0025aa5f56e3fcef027e
- SHA256
  
  1baab834cca89056db8f936e2f3e20108363eacc40ba629480e43277da60e634
- SHA512
  
  48909d342511f0e11f3cdd53b5bea1982ee12e3c81ecdb62b730cb1cfc637d441f4a1df3c0108f6c1cf44a04512ec94ff4d6e5f13b059cc67212028660a066c5
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware