fakeav | eb0c422644a48a7c2a5c97beef3880582160cd99aa28eec91bed2913569595fc | Triage

Sharing

General

Target

0d8edf024270ce15befa0357bfd1cfd9_JaffaCakes118
Size

27.8MB
Sample

240502-fj1rgshd4v
MD5

0d8edf024270ce15befa0357bfd1cfd9
SHA1

90e067f156bc0b21d27d9ad0849c3f1135e93ace
SHA256

eb0c422644a48a7c2a5c97beef3880582160cd99aa28eec91bed2913569595fc
SHA512

79f835e2726f59956c2ed1634defa769adc61709066a4b0c8724f1f0d9f6d978378feb506db47b68cca07c1f487433eb93fed4b25bf88f1c4519b04fd2acbb97
SSDEEP

393216:kQ8+o2u0GYbvCmNIhPCb4K1IkBts/mvdLqFF0qrQ:

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  0d8edf024270ce15befa0357bfd1cfd9_JaffaCakes118
- Size
  
  27.8MB
- MD5
  
  0d8edf024270ce15befa0357bfd1cfd9
- SHA1
  
  90e067f156bc0b21d27d9ad0849c3f1135e93ace
- SHA256
  
  eb0c422644a48a7c2a5c97beef3880582160cd99aa28eec91bed2913569595fc
- SHA512
  
  79f835e2726f59956c2ed1634defa769adc61709066a4b0c8724f1f0d9f6d978378feb506db47b68cca07c1f487433eb93fed4b25bf88f1c4519b04fd2acbb97
- SSDEEP
  
  393216:kQ8+o2u0GYbvCmNIhPCb4K1IkBts/mvdLqFF0qrQ:
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware