General

  • Target

    64649722036292f17d7f03353c3ea138

  • Size

    3.5MB

  • Sample

    201214-57kp7ssr76

  • MD5

    64649722036292f17d7f03353c3ea138

  • SHA1

    b3c54a63050a99e8810bb434a9c56a0e843ec216

  • SHA256

    ad2d47d401237bdd9fc26d8950093f5016a94142831f28a844ac9955c58d286f

  • SHA512

    8a710da165c3c9794b72a96dc517ebf39517fe9b409bda170d0ed229efd50b904b3349695ded27502d79bd77911db4eb6fc4a1554c94c3c488f51d24c5677bbe

Malware Config

Targets

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus) is a class of malware that displays fake infection alerts to frighten the user into buying a bogus security product or granting it further access.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU cryptocurrency miner, most commonly used for Monero. Detected alongside the FakeAV component, it means the sample also carries a coin-mining payload.

    • FakeAV payload

    • Executes dropped EXE

      The sample writes an executable to disk and runs it; the second-stage binary should be collected and hashed separately, since its hashes differ from those of the submitted file.

    • Sets file execution options in registry

      Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value under a subkey named for an executable makes Windows launch that value in place of the executable, a technique commonly used to hijack or silently neutralise security tools.

    • Loads dropped DLL

      The sample loads a DLL that it wrote to disk during execution.

    • Adds Run key to start application

      Persistence via HKCU or HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, which starts the listed command at every logon.

    • Drops file in System32 directory

      Writing into %SystemRoot%\System32 requires administrative privileges and places the payload alongside legitimate OS binaries.
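
The persistence and drop locations flagged above can be audited on a suspect host. The PowerShell script below is an added example and is not part of the sandbox report. It assumes an elevated session on a Windows host; the helper names (Get-IfeoDebuggers, Get-RunKeyEntries, Resolve-CommandPath, Add-FileContext) are this example's own. It enumerates IFEO Debugger values and Run/RunOnce entries, resolves the executable each one points to, compares that file's SHA-256 against the sample hash listed in the report, and flags entries that point into System32.

```powershell
# Added example (not from the sandbox report): audit the registry persistence
# locations named in the signatures above. Run in an elevated PowerShell session.

$ifeoRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)
$runRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# SHA-256 of the submitted sample, taken from the report above.
$knownSha256 = 'ad2d47d401237bdd9fc26d8950093f5016a94142831f28a844ac9955c58d286f'

function Get-IfeoDebuggers {
    # An IFEO subkey named after an executable that carries a 'Debugger' value
    # makes Windows start that value instead of the executable.
    foreach ($root in $ifeoRoots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
            $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ($dbg) {
                [pscustomobject]@{ Type = 'IFEO Debugger'; Key = "$root\$($_.PSChildName)"; Value = $dbg }
            }
        }
    }
}

function Get-RunKeyEntries {
    # Every value under a Run/RunOnce key is a command executed at logon.
    foreach ($root in $runRoots) {
        if (-not (Test-Path $root)) { continue }
        $props = Get-ItemProperty -Path $root -ErrorAction SilentlyContinue
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath/... metadata
            [pscustomobject]@{ Type = 'Run key'; Key = "$root\$($p.Name)"; Value = [string]$p.Value }
        }
    }
}

function Resolve-CommandPath([string]$cmd) {
    # Extract the program from a command line such as  "C:\dir\x.exe" /arg  or
    # %ProgramFiles%\x.exe; host processes (rundll32.exe, regsvr32.exe) resolve to
    # the host binary, so the DLL they load must be hashed separately.
    $cmd = [Environment]::ExpandEnvironmentVariables($cmd)
    if ($cmd -match '^\s*"([^"]+)"')                 { return $Matches[1] }
    if ($cmd -match '^\s*(\S+\.(exe|dll|cmd|bat))') { return $Matches[1] }
    return $null
}

function Add-FileContext {
    # Hash the referenced file (if it exists) and compare it with the sample.
    param([Parameter(ValueFromPipeline)] $Entry)
    process {
        $path = Resolve-CommandPath $Entry.Value
        $sha  = $null
        if ($path -and (Test-Path -LiteralPath $path)) {
            $sha = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash.ToLower()
        }
        [pscustomobject]@{
            Type          = $Entry.Type
            Key           = $Entry.Key
            Value         = $Entry.Value
            Path          = $path
            SHA256        = $sha
            MatchesSample = ($sha -eq $knownSha256)
            InSystem32    = [bool]($path -and ($path -like "$env:SystemRoot\System32\*"))
        }
    }
}

$findings = @(Get-IfeoDebuggers) + @(Get-RunKeyEntries)
$findings | Add-FileContext |
    Sort-Object MatchesSample, InSystem32, Type -Descending |
    Format-Table Type, Key, Path, MatchesSample, InSystem32, SHA256 -AutoSize
```

Any IFEO Debugger value on a workstation deserves a look; legitimate uses are rare outside developer machines. A Run entry whose file hashes to the sample's SHA-256, or whose path sits in System32 but is not a signed Microsoft binary, corroborates the behaviours the sandbox observed. A dropped second-stage executable will not match the submitted sample's hash, so absence of a match does not clear the host.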

MITRE ATT&CK Enterprise v6

Tasks