General

  • Target

    4285e2a94de479685d8f0e79582ffb1f

  • Size

    2.8MB

  • Sample

    201214-ldzj37s1gj

  • MD5

    4285e2a94de479685d8f0e79582ffb1f

  • SHA1

    d64f0c65c2796ebd10ea2a343dc9e4a2baeac995

  • SHA256

    81d5c739a236a5287070b22df02eb5cf265c45a9986a3c1adf6ff2076adf6208

  • SHA512

    bb7816d6cf818d0aa9ed720aa2933ba34adbaf7117746ef530f38f3460ccca5aa1b7a6686c9e90a3f3504207e2fe7358a03f1cb446496a84379d712a333ebaaa

Malware Config

Targets

    • Target

      4285e2a94de479685d8f0e79582ffb1f

    • Size

      2.8MB

    • MD5

      4285e2a94de479685d8f0e79582ffb1f

    • SHA1

      d64f0c65c2796ebd10ea2a343dc9e4a2baeac995

    • SHA256

      81d5c739a236a5287070b22df02eb5cf265c45a9986a3c1adf6ff2076adf6208

    • SHA512

      bb7816d6cf818d0aa9ed720aa2933ba34adbaf7117746ef530f38f3460ccca5aa1b7a6686c9e90a3f3504207e2fe7358a03f1cb446496a84379d712a333ebaaa

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus) is a class of malware that displays false infection alerts to scare the user into installing, or paying for, a bogus security product.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner (primarily Monero). It is a legitimate tool in itself; when it turns up as a dropped component, it is being run as a cryptojacking payload without the user's consent.

    • FakeAV payload

    • Executes dropped EXE

    • Sets file execution options in registry

      Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options; a Debugger value there redirects or blocks the named program, a technique FakeAV families commonly use against security tools and Task Manager.

    • Loads dropped DLL

    • Adds Run key to start application

      Persistence via HKCU or HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, so the dropped executable is started again at each logon.

    • Drops file in System32 directory
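The two registry indicators above (IFEO Debugger values and Run-key autostarts) are the ones a responder would hunt for on a host suspected of running this sample. The following is an added example, not part of the sandbox report or of any tool it references: it runs that detection logic over Sysmon-style "value set" registry events reduced to a `TargetObject|Details` line. The event lines, the dropped-file path `C:\Windows\System32\svchost32.exe`, and the registry value names are constructed for the example and are not artefacts taken from this report. The check suppresses IFEO entries that point at well-known legitimate debuggers and only flags a Run key when its image is a known dropped file or lives in a user-writable directory.

```python
"""Flag IFEO Debugger hijacks and suspicious Run-key autostarts in
Sysmon-style registry value-set events (added example, not report code)."""
import re
from dataclasses import dataclass

# CONSTRUCTED sample events for this example: "<TargetObject>|<Details>",
# the shape a Sysmon Event ID 13 record reduces to. Not from the report.
SAMPLE_EVENTS = [
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\MsMpEng.exe\Debugger|C:\Windows\System32\svchost32.exe",
    r'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe\Debugger|"C:\Program Files\Microsoft Visual Studio\Common7\IDE\vsjitdebugger.exe"',
    r'HKU\S-1-5-21-111\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityScanner|"C:\Users\victim\AppData\Local\Temp\avprotect.exe" /silent',
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth|C:\Windows\System32\SecurityHealthSystray.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Updater|C:\Windows\System32\svchost32.exe",
    r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Foo\DisplayName|Foo",
]

# Hypothetical path of a file the sandbox reported as dropped into System32.
DROPPED_FILES = frozenset({r"C:\Windows\System32\svchost32.exe"})

IFEO_RE = re.compile(r"\\Image File Execution Options\\(?P<image>[^\\]+)\\Debugger$", re.IGNORECASE)
RUN_RE = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\Run(?:Once)?\\(?P<name>[^\\]+)$", re.IGNORECASE)

# Debuggers that legitimately appear as an IFEO Debugger value (e.g. JIT debugging).
LEGIT_DEBUGGERS = {"vsjitdebugger.exe", "windbg.exe", "ntsd.exe", "cdb.exe", "procdump.exe"}
# Directory fragments a normal user can write to; an autostart there is suspect.
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\programdata\\", "\\temp\\")


@dataclass
class Finding:
    technique: str   # "ifeo_debugger_hijack" or "run_key_autostart"
    key: str         # hijacked image name, or the Run value name
    value: str       # executable the registry value points at
    reason: str


def image_from_command(cmd: str) -> str:
    """Return the executable path from a command line, honouring quoting."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0] if cmd else ""


def analyse(events, dropped_files=frozenset()):
    """Run both registry checks over the event lines and return the findings."""
    dropped = {p.lower() for p in dropped_files}
    findings = []
    for line in events:
        target, _, details = line.partition("|")

        m = IFEO_RE.search(target)
        if m:
            debugger = image_from_command(details)
            if debugger.rsplit("\\", 1)[-1].lower() not in LEGIT_DEBUGGERS:
                findings.append(Finding("ifeo_debugger_hijack", m["image"], debugger,
                                        "Debugger value redirects the program to an unknown binary"))
            continue

        m = RUN_RE.search(target)
        if m:
            image = image_from_command(details)
            low = image.lower()
            if low in dropped:
                reason = "autostart points at a file dropped during the analysis"
            elif any(frag in low for frag in USER_WRITABLE):
                reason = "autostart image lives in a user-writable directory"
            else:
                continue  # system binary in a system path: not flagged here
            findings.append(Finding("run_key_autostart", m["name"], image, reason))
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_EVENTS, DROPPED_FILES):
        print(f"{f.technique:22} {f.key:16} -> {f.value}  ({f.reason})")
```

The legitimate-debugger allow-list is what keeps this from paging on every developer workstation; conversely, a Run key pointing at a path under System32 is only flagged when that path is known from the sandbox's dropped-file list, so feed in the real dropped paths when hunting against a report.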

MITRE ATT&CK Enterprise v6

Tasks