General

  • Target

    2f571d4659157d8a3c3eca7b6fd261cc

  • Size

    2.8MB

  • Sample

    201214-j7d17vcbza

  • MD5

    2f571d4659157d8a3c3eca7b6fd261cc

  • SHA1

    de774d19cc6e5e03743da8836457e741fde25a09

  • SHA256

    f67ce7f7e0c5a7e649800fbc54d83a4c15e47f1573df38fe7693b43eec790eab

  • SHA512

    95faa7fe60961b7e1fc6a07b2c7046554c395e1c1fe2d67ee24e26117322bf729a807f56bc6c21d66d770076cfc4c2bae2fd1152f88a846da41674427b2594f0

Targets

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus, also called scareware) is a class of malware that displays fake infection alerts to frighten the user into paying for a bogus security product.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU cryptocurrency miner, most commonly used for Monero. Its presence inside a malware sample indicates cryptojacking: the miner runs on the victim's hardware for the attacker's wallet.

    • FakeAV payload

    • Executes dropped EXE

      The sample writes an executable to disk and then runs it.

    • Sets file execution options in registry

      Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value there makes Windows launch the named program in place of the target executable every time it starts, a technique used to hijack or silently disable security tools (ATT&CK T1546.012).

    • Loads dropped DLL

      Loads a DLL that the sample itself wrote to disk.

    • Adds Run key to start application

      Writes a value under HKCU or HKLM\Software\Microsoft\Windows\CurrentVersion\Run so the program is started at every logon (ATT&CK T1547.001).

    • Drops file in System32 directory

      Writes a file into %SystemRoot%\System32. This requires administrative privileges and lets the dropped file blend in with legitimate system binaries.

MITRE ATT&CK Enterprise v6

Tasks