fakeav | 435afbfcb57064fc9277cf00a8a79d1de60f55cc903eb7d7ce6d447ac33e1f5a | Triage

Sharing

General

Target

435afbfcb57064fc9277cf00a8a79d1de60f55cc903eb7d7ce6d447ac33e1f5a
Size

711KB
Sample

220508-fjyl5afee3
MD5

0253048ee93c4c08409c9e557c11d6a3
SHA1

df6ef13528a2f2f8d2bb8f52aaf45f5030290c89
SHA256

435afbfcb57064fc9277cf00a8a79d1de60f55cc903eb7d7ce6d447ac33e1f5a
SHA512

65156a93ae4cf8b9a786b95c79b4aa8bef62a01f72853c0946923ccfaa13fdb80179f30ec1d064b09711e4ef66b1a16669605301822236ed33cda3cfb0e7e9e0

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  435afbfcb57064fc9277cf00a8a79d1de60f55cc903eb7d7ce6d447ac33e1f5a
- Size
  
  711KB
- MD5
  
  0253048ee93c4c08409c9e557c11d6a3
- SHA1
  
  df6ef13528a2f2f8d2bb8f52aaf45f5030290c89
- SHA256
  
  435afbfcb57064fc9277cf00a8a79d1de60f55cc903eb7d7ce6d447ac33e1f5a
- SHA512
  
  65156a93ae4cf8b9a786b95c79b4aa8bef62a01f72853c0946923ccfaa13fdb80179f30ec1d064b09711e4ef66b1a16669605301822236ed33cda3cfb0e7e9e0
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware