General

  • Target

    39b16211e027241e8b0dd90cc3f26858

  • Size

    2.8MB

  • Sample

    201214-lld6e2nazx

  • MD5

    39b16211e027241e8b0dd90cc3f26858

  • SHA1

    eb33a95bfe0cbf964fbc5a7798975904cb0fdebb

  • SHA256

    444d912754ff49487d562933223a2cea1ee7dd55355664cdde870508f2c70f3c

  • SHA512

    4040a666541499482220e974bf51754d2be92ae108906c2a8bc0954b426657db21146f0b5d3820d0448fb4150bc0b0938887c405a2586d0a704534e647b0f800

Malware Config

Targets

    • Target

      39b16211e027241e8b0dd90cc3f26858

    • Size

      2.8MB

    • MD5

      39b16211e027241e8b0dd90cc3f26858

    • SHA1

      eb33a95bfe0cbf964fbc5a7798975904cb0fdebb

    • SHA256

      444d912754ff49487d562933223a2cea1ee7dd55355664cdde870508f2c70f3c

    • SHA512

      4040a666541499482220e974bf51754d2be92ae108906c2a8bc0954b426657db21146f0b5d3820d0448fb4150bc0b0938887c405a2586d0a704534e647b0f800

    • FakeAV, RogueAntivirus

      FakeAV, or rogue antivirus, is a class of malware that displays fake infection alerts and scan results to scare the victim into paying for, or installing, a worthless "security" product.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner for Monero and similar cryptocurrencies. Malware bundles it to mine on the victim's hardware (cryptojacking); a sample that poses as antivirus and also carries XMRig is monetising the host twice.

    • FakeAV payload

      The sample carries or drops the rogue-antivirus component itself.

    • Executes dropped EXE

      An executable written to disk during the run is launched as a new process.

    • Sets file execution options in registry

      Writes under HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options. A Debugger value under a program's subkey redirects every launch of that program, a technique commonly used to neuter security tools.

    • Loads dropped DLL

      A DLL written to disk during the run is loaded into a process.

    • Adds Run key to start application

      Persistence via a value under HKCU or HKLM \Software\Microsoft\Windows\CurrentVersion\Run, so the payload starts at each logon.

    • Drops file in System32

      Writes into the Windows system directory, which requires elevated rights and lets the payload blend in with OS binaries.
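The five behaviour signatures above map directly onto endpoint telemetry. As an added example (not sandbox output and not the sample's code), the Python below applies equivalent logic to a constructed, Sysmon-style event trace: the event IDs are real Sysmon IDs (1 process create, 7 image load, 11 file create, 13 registry value set), the field names are simplified from Sysmon's, the trusted-writer allowlist is hypothetical, and the file paths and registry values in the trace are made up for illustration.

```python
"""Toy behaviour detector for the signatures listed in this report.

Added example, not sandbox output. Events are constructed, Sysmon-style
records (event IDs are real Sysmon IDs; field names are simplified).
"""
import re

PROCESS_CREATE, IMAGE_LOAD, FILE_CREATE, REG_VALUE_SET = 1, 7, 11, 13

# IFEO Debugger value: redirects every launch of the named image.
IFEO_DEBUGGER = re.compile(
    r"\\Image File Execution Options\\[^\\]+\\Debugger$", re.IGNORECASE)
# Per-user or machine-wide Run / RunOnce autostart values.
RUN_KEY = re.compile(
    r"\\Microsoft\\Windows\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
SYSTEM32 = re.compile(r"^[A-Z]:\\Windows\\System32\\", re.IGNORECASE)

# Hypothetical allowlist of images expected to write under System32.
TRUSTED_WRITERS = {
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\msiexec.exe",
    r"c:\windows\servicing\trustedinstaller.exe",
}


def analyse(events):
    """Return (signature, actor, detail) tuples in the order they fire."""
    dropped = set()      # lower-cased paths written during the trace
    findings = []
    for ev in events:
        image = ev["image"]
        if ev["id"] == FILE_CREATE:
            target = ev["target"]
            dropped.add(target.lower())
            if SYSTEM32.match(target) and image.lower() not in TRUSTED_WRITERS:
                findings.append(("Drops file in System32", image, target))
        elif ev["id"] == PROCESS_CREATE:
            # "Dropped EXE": the new process image was written earlier in the trace.
            if image.lower() in dropped:
                findings.append(("Executes dropped EXE", ev["parent_image"], image))
        elif ev["id"] == IMAGE_LOAD:
            loaded = ev["image_loaded"]
            if loaded.lower() in dropped:
                findings.append(("Loads dropped DLL", image, loaded))
        elif ev["id"] == REG_VALUE_SET:
            target, value = ev["target"], ev["details"]
            if IFEO_DEBUGGER.search(target):
                findings.append(("Sets file execution options in registry",
                                 image, f"{target} = {value}"))
            elif RUN_KEY.search(target):
                findings.append(("Adds Run key to start application",
                                 image, f"{target} = {value}"))
    return findings


# Constructed trace (not from the sandbox): a downloader drops a payload and a
# DLL, runs the payload, hijacks an AV image via IFEO and persists via Run.
DROPPER = r"C:\Users\victim\Downloads\setup.exe"
PAYLOAD = r"C:\Users\victim\AppData\Local\Temp\avcore.exe"
HELPER = r"C:\Windows\System32\avhelper.dll"
SAMPLE_EVENTS = [
    {"id": FILE_CREATE, "image": DROPPER, "target": PAYLOAD},
    {"id": FILE_CREATE, "image": DROPPER, "target": HELPER},
    {"id": PROCESS_CREATE, "image": PAYLOAD, "parent_image": DROPPER},
    {"id": IMAGE_LOAD, "image": PAYLOAD, "image_loaded": HELPER},
    {"id": REG_VALUE_SET, "image": PAYLOAD,
     "target": r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
               r"\Image File Execution Options\MsMpEng.exe\Debugger",
     "details": PAYLOAD},
    {"id": REG_VALUE_SET, "image": PAYLOAD,
     "target": r"HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecuritySuite",
     "details": PAYLOAD},
    # Benign noise: a trusted writer touching System32, an unrelated process start.
    {"id": FILE_CREATE, "image": r"C:\Windows\System32\svchost.exe",
     "target": r"C:\Windows\System32\LogFiles\wmi.etl"},
    {"id": PROCESS_CREATE, "image": r"C:\Windows\System32\notepad.exe",
     "parent_image": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for sig, actor, detail in analyse(SAMPLE_EVENTS):
        print(f"{sig:<40} {actor} -> {detail}")
```

The trace yields exactly the five signatures in the report and ignores the two benign events. The IFEO rule fires on any Debugger value because legitimate use of that key on an end-user host is rare; the Run-key and System32 rules are the noisy ones in practice and need an allowlist tuned to the environment.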

MITRE ATT&CK Enterprise v6

Tasks