fakeav | e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa | Triage

Sharing

General

Target

e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa
Size

711KB
Sample

220508-dh2w2sgefr
MD5

0188eef9f50b150d464a14be8c2ca421
SHA1

71d2c62e4afb1cdf869abfc1807eeb86c7672a47
SHA256

e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa
SHA512

9859c89a80a2abc8894451c4a8709a1ec3b669e8104246faf1eab4a7094c6aec425aa8ef7d2e07cbae126557fd8c1669d1fa02a721c2026b29182d03e6785ff1

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa
- Size
  
  711KB
- MD5
  
  0188eef9f50b150d464a14be8c2ca421
- SHA1
  
  71d2c62e4afb1cdf869abfc1807eeb86c7672a47
- SHA256
  
  e0af7eb4745241e894851f0f6ed7030d58f02c33576a425b97cd74ca948242fa
- SHA512
  
  9859c89a80a2abc8894451c4a8709a1ec3b669e8104246faf1eab4a7094c6aec425aa8ef7d2e07cbae126557fd8c1669d1fa02a721c2026b29182d03e6785ff1
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware