fakeav | 0eec1ca88ec701aa6ed38e4e6a0b98d91f2c51a2bae5d758c5411e7b21279bf0 | Triage

Sharing

General

Target

0eec1ca88ec701aa6ed38e4e6a0b98d91f2c51a2bae5d758c5411e7b21279bf0
Size

6.9MB
Sample

220327-fvfkpadef8
MD5

010c34f98c7322db5d9a7523218489f7
SHA1

b6262f45bf10972dc67979d3f9cf95e619259789
SHA256

0eec1ca88ec701aa6ed38e4e6a0b98d91f2c51a2bae5d758c5411e7b21279bf0
SHA512

4b907f14a4ad67ee98b2002567cd544e1aa683e82c67dc45464d98a9ef7b12e92b519fb55c86ca34d0076b5860be239e1cb7470394692491d89c79b879f03999

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  0eec1ca88ec701aa6ed38e4e6a0b98d91f2c51a2bae5d758c5411e7b21279bf0
- Size
  
  6.9MB
- MD5
  
  010c34f98c7322db5d9a7523218489f7
- SHA1
  
  b6262f45bf10972dc67979d3f9cf95e619259789
- SHA256
  
  0eec1ca88ec701aa6ed38e4e6a0b98d91f2c51a2bae5d758c5411e7b21279bf0
- SHA512
  
  4b907f14a4ad67ee98b2002567cd544e1aa683e82c67dc45464d98a9ef7b12e92b519fb55c86ca34d0076b5860be239e1cb7470394692491d89c79b879f03999
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware