General

  • Target

    415877ff1fc986d0cba0ebb3eb53a7aa

  • Size

    2.8MB

  • Sample

    201214-nk6jtp57le

  • MD5

    415877ff1fc986d0cba0ebb3eb53a7aa

  • SHA1

    8d23ddfaeacafe3d94d38f41ff265712a7b34b6a

  • SHA256

    5e707a71e9fc3d0fd288fd7fab2a1147f64d26b85ef31891eb8f9d45258d4463

  • SHA512

    9e91d126eb29df45fb136c5a8949151e118b74cbbcba9ddcd95a9850069e0c083eb5d77bbe05b7cbf4bbead92ba00989b4cf5b93ac3d8a597718f532646dbb27

Malware Config

Targets

    • Target

      415877ff1fc986d0cba0ebb3eb53a7aa

    • Size

      2.8MB

    • MD5

      415877ff1fc986d0cba0ebb3eb53a7aa

    • SHA1

      8d23ddfaeacafe3d94d38f41ff265712a7b34b6a

    • SHA256

      5e707a71e9fc3d0fd288fd7fab2a1147f64d26b85ef31891eb8f9d45258d4463

    • SHA512

      9e91d126eb29df45fb136c5a8949151e118b74cbbcba9ddcd95a9850069e0c083eb5d77bbe05b7cbf4bbead92ba00989b4cf5b93ac3d8a597718f532646dbb27

    • FakeAV, RogueAntivirus

      FakeAV, or rogue antivirus, is a class of malware that displays fake infection warnings to frighten the user into paying for bogus security software; many families also tamper with genuine security tools so they cannot start.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner, most commonly used for Monero. An unexpected copy running on a host indicates cryptojacking rather than a user-installed tool.

    • FakeAV payload

    • Executes dropped EXE (the sample writes a second executable to disk and launches it)

    • Sets file execution options in registry (writes under Image File Execution Options, where a Debugger value redirects or blocks every launch of the named executable; FakeAV commonly aims this at security tools)

    • Loads dropped DLL

    • Adds Run key to start application (persistence through a Run key under HKCU or HKLM ...\CurrentVersion\Run)

    • Drops file in System32 directory (a file created in %SystemRoot%\System32 blends in with OS binaries and requires administrative rights to write)
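The registry behaviours flagged above (Image File Execution Options and Run-key persistence) are the quickest things to check on a host suspected of running this sample. The script below is an added example, not part of the sandbox report or any vendor tooling. It assumes an elevated PowerShell session on the affected Windows host; the registry paths are the standard IFEO and Run locations, and the SHA-256 it compares against is the one listed in the report. Every Debugger value under IFEO is reported, since legitimate entries there are rare, and every Run entry is reported with flags showing whether its target lives in System32 or matches the sample hash.

```powershell
# Added triage example for the behaviours in this report (not from the report itself).
# Run from an elevated PowerShell prompt on the host under investigation.

# SHA-256 of the sample, copied from the report above.
$ReportSha256 = '5e707a71e9fc3d0fd288fd7fab2a1147f64d26b85ef31891eb8f9d45258d4463'

$IfeoPath = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
$RunPaths = @(
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)
# Properties the registry provider adds to every Get-ItemProperty result; not real values.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Extract the executable path from a command line such as
#   "C:\Windows\System32\evil.exe" /silent   or   C:\evil.exe /s
function Get-ExecutablePath {
    param([string]$CommandLine)
    if ($CommandLine -match '^\s*"([^"]+)"') { return $Matches[1] }
    if ($CommandLine -match '^\s*(\S+)')     { return $Matches[1] }
    return $null
}

# True when the file exists and its SHA-256 equals the report's hash.
function Test-SampleHash {
    param([string]$Path)
    if (-not $Path -or -not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $false }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    return ($hash -ieq $ReportSha256)
}

# 1. Image File Execution Options: a Debugger value makes Windows launch that
#    command instead of the named executable, which is how FakeAV neuters
#    security tools. Report every subkey that carries one.
Get-ChildItem -Path $IfeoPath -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        [PSCustomObject]@{
            Source        = 'IFEO'
            Name          = $_.PSChildName
            Command       = $dbg
            InSystem32    = [bool]((Get-ExecutablePath $dbg) -like "$env:SystemRoot\System32\*")
            MatchesReport = Test-SampleHash (Get-ExecutablePath $dbg)
        }
    }
}

# 2. Run keys: every autostart entry, flagged when its target is in System32
#    or hashes to the sample.
foreach ($run in $RunPaths) {
    $props = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    $props.PSObject.Properties |
        Where-Object { $ProviderProps -notcontains $_.Name } |
        ForEach-Object {
            $exe = Get-ExecutablePath ([string]$_.Value)
            [PSCustomObject]@{
                Source        = $run
                Name          = $_.Name
                Command       = $_.Value
                InSystem32    = [bool]($exe -and ($exe -like "$env:SystemRoot\System32\*"))
                MatchesReport = Test-SampleHash $exe
            }
        }
}
```

Treat any IFEO Debugger entry pointing at an unknown binary, or any Run entry whose MatchesReport flag is true, as confirmation of this sample; an IFEO entry naming a security product's executable is the FakeAV tampering the signature refers to, even if the Debugger target no longer exists on disk.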

MITRE ATT&CK Enterprise v6

Tasks