fakeav | f29820e552e38a55315df845e594b2bd778ff5054911e88d76606df26719808f | Triage

Sharing

General

Target

84a0ef6284a972507f1954bccb2ba280_NEIKI
Size

4.2MB
Sample

240508-2qd2ysea54
MD5

84a0ef6284a972507f1954bccb2ba280
SHA1

cbafce7d19ab6c6db7c3973d669d7573ed959e5e
SHA256

f29820e552e38a55315df845e594b2bd778ff5054911e88d76606df26719808f
SHA512

0f14d22e4f6eb5ab70d8c9c1c044db50191e4c054175c8ed87ec79397952592c87d6076c41195018aef20681c65a3a687ec10cd594ee984d41070cd9084dc2ed
SSDEEP

49152:LY3buzMu0IY3buzM30IY3buzMn0IY3buzM80IY3buzMA0IY3buzM40:LY3uY3PY3PY3IY3EY3

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  84a0ef6284a972507f1954bccb2ba280_NEIKI
- Size
  
  4.2MB
- MD5
  
  84a0ef6284a972507f1954bccb2ba280
- SHA1
  
  cbafce7d19ab6c6db7c3973d669d7573ed959e5e
- SHA256
  
  f29820e552e38a55315df845e594b2bd778ff5054911e88d76606df26719808f
- SHA512
  
  0f14d22e4f6eb5ab70d8c9c1c044db50191e4c054175c8ed87ec79397952592c87d6076c41195018aef20681c65a3a687ec10cd594ee984d41070cd9084dc2ed
- SSDEEP
  
  49152:LY3buzMu0IY3buzM30IY3buzMn0IY3buzM80IY3buzMA0IY3buzM40:LY3uY3PY3PY3IY3EY3
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware