General

  • Target

    519ca5e26ce20e7d52fc10f24b16b838

  • Size

    2.8MB

  • Sample

    201214-g9fw1ln7f6

  • MD5

    519ca5e26ce20e7d52fc10f24b16b838

  • SHA1

    b32746431e7e1a8ff9bb789906b46a4a4db06ead

  • SHA256

    38997b90f10bbad842fcf50b33d2907a84a497a0571ca90bfce9a04b50178f68

  • SHA512

    ce977bca2e6655137a098e28484e39227b2ff5e3c0dd527909ccd81a1b2ac292ec162ecf1040e10882ec226fa7593903e832dc17b7811d7a80d2a057087f053b

Malware Config

Targets

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.

    • FakeAV payload

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6

Tasks