fakeav | fe0c6e6f3e70fb99745cd6a1ed1eacb1995b42a3a3acdd3b1b6d3d71d5d540e8 | Triage

Sharing

General

Target

fe0c6e6f3e70fb99745cd6a1ed1eacb1995b42a3a3acdd3b1b6d3d71d5d540e8
Size

711KB
Sample

220507-zw6ytahcdk
MD5

000bf3b287627b77443d9fa041356389
SHA1

6a4009e1422a053a65bdea4112ad713aa1db4ce6
SHA256

fe0c6e6f3e70fb99745cd6a1ed1eacb1995b42a3a3acdd3b1b6d3d71d5d540e8
SHA512

5395ad76f05efd4f949dd7fb64fc9b3f809762b75f1e095bdf5d251b1bc025f483e72408f2fb61681df4906915df72f043fe900d95ec85d3c4614126d8845141

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  fe0c6e6f3e70fb99745cd6a1ed1eacb1995b42a3a3acdd3b1b6d3d71d5d540e8
- Size
  
  711KB
- MD5
  
  000bf3b287627b77443d9fa041356389
- SHA1
  
  6a4009e1422a053a65bdea4112ad713aa1db4ce6
- SHA256
  
  fe0c6e6f3e70fb99745cd6a1ed1eacb1995b42a3a3acdd3b1b6d3d71d5d540e8
- SHA512
  
  5395ad76f05efd4f949dd7fb64fc9b3f809762b75f1e095bdf5d251b1bc025f483e72408f2fb61681df4906915df72f043fe900d95ec85d3c4614126d8845141
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware