fakeav | 1958e679684a1a075fec82d2b71b803aebc916609fb985963f88e49494fb8963 | Triage

Sharing

General

Target

1958e679684a1a075fec82d2b71b803aebc916609fb985963f88e49494fb8963
Size

711KB
Sample

220508-3rekjsdgan
MD5

007034c220146e9c506f20d5998d944b
SHA1

fa2bc38efc236a7c8cac05ce29bf807fa42712ce
SHA256

1958e679684a1a075fec82d2b71b803aebc916609fb985963f88e49494fb8963
SHA512

7ba98e9c3853bcec890829ab61296795a53e82eb6473e923b0fe9b51b38446f8f2d574cf05e704a59aac9f28c3fc8273a6c2ed996a29fa42c122744ce5799d52

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  1958e679684a1a075fec82d2b71b803aebc916609fb985963f88e49494fb8963
- Size
  
  711KB
- MD5
  
  007034c220146e9c506f20d5998d944b
- SHA1
  
  fa2bc38efc236a7c8cac05ce29bf807fa42712ce
- SHA256
  
  1958e679684a1a075fec82d2b71b803aebc916609fb985963f88e49494fb8963
- SHA512
  
  7ba98e9c3853bcec890829ab61296795a53e82eb6473e923b0fe9b51b38446f8f2d574cf05e704a59aac9f28c3fc8273a6c2ed996a29fa42c122744ce5799d52
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware