General

  • Target

    764cd30e1933c81cfcb985e6bd1c72a8

  • Size

    2.8MB

  • Sample

    201214-cy9ew7d4an

  • MD5

    764cd30e1933c81cfcb985e6bd1c72a8

  • SHA1

    a99a2d2fddafa3ad78df1228d86bc6f528d43db5

  • SHA256

    19df5a00ebce5c4da7edb33e41c1e78ea88ac178c8cbdca5cf4ab2a29c16fc38

  • SHA512

    3f530388db769f9c43295cb5bbcde3e24048137f5beaff3b6fbf5eb61d30ea8ca33f4442f08dc45ec5f066c9b9c715b9d68454211c99482b522e2fd30625c24b

Malware Config

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • FakeAV payload

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks