fakeav | bd10b920faa010421cb27bdb488f2a172a200292346fcca829d447d6eb05dd9c | Triage

Sharing

General

Target

bd10b920faa010421cb27bdb488f2a172a200292346fcca829d447d6eb05dd9c
Size

711KB
Sample

220507-zhrlzaggdr
MD5

0140d6ee9b65bb151f3c5a3ccfca6bd7
SHA1

d69ba26c001e7a7447b5c1da7c4306f0199f5350
SHA256

bd10b920faa010421cb27bdb488f2a172a200292346fcca829d447d6eb05dd9c
SHA512

23f64058f26e6bc3e2d42829225311ecad529b584422854c88737eae520cd5d607d349ed8b62d88fe0244ce5ccc73a23aebce06dbf0497d7cc3353281ac19adb

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  bd10b920faa010421cb27bdb488f2a172a200292346fcca829d447d6eb05dd9c
- Size
  
  711KB
- MD5
  
  0140d6ee9b65bb151f3c5a3ccfca6bd7
- SHA1
  
  d69ba26c001e7a7447b5c1da7c4306f0199f5350
- SHA256
  
  bd10b920faa010421cb27bdb488f2a172a200292346fcca829d447d6eb05dd9c
- SHA512
  
  23f64058f26e6bc3e2d42829225311ecad529b584422854c88737eae520cd5d607d349ed8b62d88fe0244ce5ccc73a23aebce06dbf0497d7cc3353281ac19adb
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware