fakeav | 2623a1f4d41909ef14e73f14c0cbe72e041dbee6c5774256d99d9b40d0d870bb | Triage

Sharing

General

Target

2623a1f4d41909ef14e73f14c0cbe72e041dbee6c5774256d99d9b40d0d870bb
Size

711KB
Sample

220616-lhafssfdc7
MD5

7133a9bf9f9b3e437d0c99fd6255f56f
SHA1

01a4fcf05af83a8463a7690f1fd9a8c5bcc9f928
SHA256

2623a1f4d41909ef14e73f14c0cbe72e041dbee6c5774256d99d9b40d0d870bb
SHA512

fc03d744af720f29b6d1249209bea4a58c71cae73dd1571dce1f5ddff215b7fa1443af71c87c9b9143b322aff7eee0ae1d066bf4160570728006123f4204666d

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  2623a1f4d41909ef14e73f14c0cbe72e041dbee6c5774256d99d9b40d0d870bb
- Size
  
  711KB
- MD5
  
  7133a9bf9f9b3e437d0c99fd6255f56f
- SHA1
  
  01a4fcf05af83a8463a7690f1fd9a8c5bcc9f928
- SHA256
  
  2623a1f4d41909ef14e73f14c0cbe72e041dbee6c5774256d99d9b40d0d870bb
- SHA512
  
  fc03d744af720f29b6d1249209bea4a58c71cae73dd1571dce1f5ddff215b7fa1443af71c87c9b9143b322aff7eee0ae1d066bf4160570728006123f4204666d
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware