fakeav | 11eafb957f056a19243d8b1773231ac58ba2ab7b347ad5e0245548af043acca8 | Triage

Sharing

General

Target

11eafb957f056a19243d8b1773231ac58ba2ab7b347ad5e0245548af043acca8
Size

711KB
Sample

220603-24g1rsgea4
MD5

5857782c5a961143e3181596cfc1be16
SHA1

332ba84a457a57ccefc53215020a3ff8d1cd686b
SHA256

11eafb957f056a19243d8b1773231ac58ba2ab7b347ad5e0245548af043acca8
SHA512

9dc0f75f4eedd6bc7f168e3db4a52a8272930550bcded59d9f133f60b629af7d9d01f613f51d3abed4ad6ad161dadca4013945ff85f833c9d23b695db3ff600e

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  11eafb957f056a19243d8b1773231ac58ba2ab7b347ad5e0245548af043acca8
- Size
  
  711KB
- MD5
  
  5857782c5a961143e3181596cfc1be16
- SHA1
  
  332ba84a457a57ccefc53215020a3ff8d1cd686b
- SHA256
  
  11eafb957f056a19243d8b1773231ac58ba2ab7b347ad5e0245548af043acca8
- SHA512
  
  9dc0f75f4eedd6bc7f168e3db4a52a8272930550bcded59d9f133f60b629af7d9d01f613f51d3abed4ad6ad161dadca4013945ff85f833c9d23b695db3ff600e
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware