fakeav | caea780e1dee9c7dca95c6b004acddc0c9718d68dacf0f0924ec903006aa2324 | Triage

Sharing

General

Target

35967794d0fcde7438f453b253558250.exe
Size

711KB
Sample

240706-dhdt8awgka
MD5

35967794d0fcde7438f453b253558250
SHA1

cd946a5ed47793be2db16810b1ec9b3214a8085d
SHA256

caea780e1dee9c7dca95c6b004acddc0c9718d68dacf0f0924ec903006aa2324
SHA512

d5753932fa9db1fb4a19d8d4e068cf6d3d5e5a482a0fe33830d74d365750815f0a12377bab6daac385c77eb4360472841270889f15c2d5356c53d8f5360f446b
SSDEEP

12288:yoxejOONAM7GUC1Jr+4o628gx2Jw+tP3Jzm8JO8HXC3X+pd167QhEQO:hxY3NtGUmJr+4Obxd+tPZSZoiE6EhE

Score

10^/10

fakeav fakeav persistence spyware

Malware Config

Targets

- Target
  
  35967794d0fcde7438f453b253558250.exe
- Size
  
  711KB
- MD5
  
  35967794d0fcde7438f453b253558250
- SHA1
  
  cd946a5ed47793be2db16810b1ec9b3214a8085d
- SHA256
  
  caea780e1dee9c7dca95c6b004acddc0c9718d68dacf0f0924ec903006aa2324
- SHA512
  
  d5753932fa9db1fb4a19d8d4e068cf6d3d5e5a482a0fe33830d74d365750815f0a12377bab6daac385c77eb4360472841270889f15c2d5356c53d8f5360f446b
- SSDEEP
  
  12288:yoxejOONAM7GUC1Jr+4o628gx2Jw+tP3Jzm8JO8HXC3X+pd167QhEQO:hxY3NtGUmJr+4Obxd+tPZSZoiE6EhE
Score

10^/10

fakeav fakeav persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- FakeAV payload
  fakeav spyware
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavfakeavpersistencespyware

behavioral2

fakeavfakeavpersistencespyware