fakeav | cbd36d0c8cd7ba58cdcec143ed1c672b20198af546f2620b33b3f3df2dbee768 | Triage

Sharing

General

Target

cbd36d0c8cd7ba58cdcec143ed1c672b20198af546f2620b33b3f3df2dbee768
Size

711KB
Sample

220508-hd2spscefk
MD5

00ae21fa79d5f60b4b1f60fd233b5e31
SHA1

0f9e51a463fcc2df08f68e36f8f4c4c10bef82dc
SHA256

cbd36d0c8cd7ba58cdcec143ed1c672b20198af546f2620b33b3f3df2dbee768
SHA512

94b9ea7a68f0da591b68f267c04ca361a6ee3b66d663367b2ee158c6679b60abb49986a7eb3509466aebec578727ccb22f537f0d4b4053f80de2b159e92e706b

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  cbd36d0c8cd7ba58cdcec143ed1c672b20198af546f2620b33b3f3df2dbee768
- Size
  
  711KB
- MD5
  
  00ae21fa79d5f60b4b1f60fd233b5e31
- SHA1
  
  0f9e51a463fcc2df08f68e36f8f4c4c10bef82dc
- SHA256
  
  cbd36d0c8cd7ba58cdcec143ed1c672b20198af546f2620b33b3f3df2dbee768
- SHA512
  
  94b9ea7a68f0da591b68f267c04ca361a6ee3b66d663367b2ee158c6679b60abb49986a7eb3509466aebec578727ccb22f537f0d4b4053f80de2b159e92e706b
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware