fakeav | 11195da79d009365db96759c95531a81a0bfb44ff1464ee8eaea288d546d8913 | Triage

Sharing

General

Target

11195da79d009365db96759c95531a81a0bfb44ff1464ee8eaea288d546d8913
Size

6.3MB
Sample

220604-lfxhjshed8
MD5

8c99974c963ef67fb2e3cc4b7f592f92
SHA1

74e0fb923482d4cc896c8cf666b90a098bcfa332
SHA256

11195da79d009365db96759c95531a81a0bfb44ff1464ee8eaea288d546d8913
SHA512

52303843cc6d43127a0724f692909c63ee9e43c3297beac029c32828a95eaf29e5b41788a7c10f356c45dc73fa8044793c808267451c9e78d3e03cb80324f98b

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  11195da79d009365db96759c95531a81a0bfb44ff1464ee8eaea288d546d8913
- Size
  
  6.3MB
- MD5
  
  8c99974c963ef67fb2e3cc4b7f592f92
- SHA1
  
  74e0fb923482d4cc896c8cf666b90a098bcfa332
- SHA256
  
  11195da79d009365db96759c95531a81a0bfb44ff1464ee8eaea288d546d8913
- SHA512
  
  52303843cc6d43127a0724f692909c63ee9e43c3297beac029c32828a95eaf29e5b41788a7c10f356c45dc73fa8044793c808267451c9e78d3e03cb80324f98b
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware