Overview

overview

10

Static

static

10

f9f0f7bae0...a0.exe

windows7_x64

10

f9f0f7bae0...a0.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    f9f0f7bae0f0c0acc1b1b41f6cdb90a0

  • Size

    2.8MB

  • Sample

    201214-ezlaeevp7a

  • MD5

    f9f0f7bae0f0c0acc1b1b41f6cdb90a0

  • SHA1

    dcaf41a135cc322ece37978c570cba30dfd43d61

  • SHA256

    8f4faffa3b18053d27a9cbebb29fd96568f37f759a9306e23ff8a8f7948869c4

  • SHA512

    6df83c8bceceb3f5a4048977fea01df1bd044b735322a12dbc527ff9015b29de10cf7cad4fba08882bbd7afcb77e8bea4c7c233894ab80ac03460316635d0aa6

Score
10/10
fakeavxmrigfakeavminerpersistencespyware

Malware Config

Targets

    • Target

      f9f0f7bae0f0c0acc1b1b41f6cdb90a0

    • Size

      2.8MB

    • MD5

      f9f0f7bae0f0c0acc1b1b41f6cdb90a0

    • SHA1

      dcaf41a135cc322ece37978c570cba30dfd43d61

    • SHA256

      8f4faffa3b18053d27a9cbebb29fd96568f37f759a9306e23ff8a8f7948869c4

    • SHA512

      6df83c8bceceb3f5a4048977fea01df1bd044b735322a12dbc527ff9015b29de10cf7cad4fba08882bbd7afcb77e8bea4c7c233894ab80ac03460316635d0aa6

    Score
    10/10
    fakeavfakeavpersistencespywarexmrigminer

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • FakeAV payload

      fakeavspyware

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks