General

  • Target

    82fb0f06f6560aecc6cda3110015ea26

  • Size

    5.4MB

  • Sample

    201214-p9yddfgxse

  • MD5

    82fb0f06f6560aecc6cda3110015ea26

  • SHA1

    4a7e84b33d9dda38fd0fd02cad71ba01c405f7dd

  • SHA256

    32fbe80883b892704eb40e25124d0bca12d7785868d02ff4474ec4915a66d434

  • SHA512

    5c44033f5590cdf558a1c5e98416cfb488097309c16d5573658d4fbc7203d6fd634e43032438a784f734a71c8428b418267fc0e2211501bd847f4f5a790d95c5

Malware Config

Targets

    • Target

      82fb0f06f6560aecc6cda3110015ea26

    • Size

      5.4MB

    • MD5

      82fb0f06f6560aecc6cda3110015ea26

    • SHA1

      4a7e84b33d9dda38fd0fd02cad71ba01c405f7dd

    • SHA256

      32fbe80883b892704eb40e25124d0bca12d7785868d02ff4474ec4915a66d434

    • SHA512

      5c44033f5590cdf558a1c5e98416cfb488097309c16d5573658d4fbc7203d6fd634e43032438a784f734a71c8428b418267fc0e2211501bd847f4f5a790d95c5

    • FakeAV, RogueAntivirus

      FakeAV (rogue antivirus) is a class of scareware that displays fake infection warnings and security alerts to pressure the user into paying for, or installing, a bogus "cleaning" product.

    • xmrig

      XMRig is a high-performance, open-source, cross-platform CPU/GPU miner for Monero (XMR). It is a legitimate tool, but it is routinely bundled by malware for cryptojacking, so its presence in a sandbox run indicates the sample mines on the victim's hardware.

    • FakeAV payload

    • Executes dropped EXE

    • Sets file execution options in registry

    • Loads dropped DLL

    • Adds Run key to start application

    • Drops file in System32 directory
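The behaviours above map to concrete host artefacts: an Image File Execution Options (IFEO) subkey with a `Debugger` value (ATT&CK T1546.012, listed as T1183 in Enterprise v6), a `Run`/`RunOnce` value (T1547.001, T1060 in v6), and a freshly written executable under System32. The following PowerShell triage script is an added example, not part of the sandbox report or of any tool it references; it checks a host for those three artefacts and matches any binary it finds against the MD5/SHA256 listed in the report. It assumes an elevated PowerShell session, and `$ScanRoot` and the 30-day cut-off are assumed defaults, not values from the report.

```powershell
# Added example: host triage for the behaviours flagged in the report above.
# Assumptions: run elevated; $ScanRoot (System32 by default) and the 30-day window are assumed.
param(
    [string]$ScanRoot = "$env:SystemRoot\System32",   # assumed: the report says a file was dropped in System32
    [int]$LookbackDays = 30                           # assumed window for "recently written" files
)

# Indicators copied from the report (lower-case hex so comparisons are case-insensitive).
$KnownSha256 = @{ '32fbe80883b892704eb40e25124d0bca12d7785868d02ff4474ec4915a66d434' = 'sample 201214-p9yddfgxse' }
$KnownMd5    = @{ '82fb0f06f6560aecc6cda3110015ea26' = 'sample 201214-p9yddfgxse' }

function Test-KnownBad {
    # Returns the sample label when either hash of $Path matches the report, otherwise $null.
    param([string]$Path)
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) { return $null }
    $sha = (Get-FileHash -LiteralPath $Path -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
    if ($sha -and $KnownSha256.ContainsKey($sha.ToLower())) { return $KnownSha256[$sha.ToLower()] }
    $md5 = (Get-FileHash -LiteralPath $Path -Algorithm MD5 -ErrorAction SilentlyContinue).Hash
    if ($md5 -and $KnownMd5.ContainsKey($md5.ToLower())) { return $KnownMd5[$md5.ToLower()] }
    return $null
}

$Findings = New-Object System.Collections.Generic.List[object]

# 1. "Drops file in System32 directory": hash recently written PE files under $ScanRoot.
$Cutoff = (Get-Date).AddDays(-$LookbackDays)
Get-ChildItem -Path $ScanRoot -Include *.exe, *.dll -Recurse -File -ErrorAction SilentlyContinue |
    Where-Object { $_.LastWriteTime -gt $Cutoff } |
    ForEach-Object {
        $label = Test-KnownBad -Path $_.FullName
        if ($label) {
            $Findings.Add([pscustomobject]@{ Finding = 'Known-bad file'; Where = $_.FullName; Detail = $label })
        }
    }

# 2. "Sets file execution options in registry": any IFEO subkey carrying a Debugger value
#    silently redirects launches of that program to the debugger path. Legitimate uses are rare
#    outside developer machines, so every hit is worth a look.
$Ifeo = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
Get-ChildItem -Path $Ifeo -ErrorAction SilentlyContinue | ForEach-Object {
    $dbg = (Get-ItemProperty -Path $_.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
    if ($dbg) {
        $Findings.Add([pscustomobject]@{ Finding = 'IFEO Debugger'; Where = $_.PSChildName; Detail = $dbg })
    }
}

# 3. "Adds Run key to start application": enumerate Run/RunOnce values in HKLM and HKCU and
#    hash the referenced executable where the path resolves.
$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $RunKeys) {
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    if (-not $props) { continue }
    # Get-ItemProperty adds PSPath/PSParentPath/PSChildName/PSDrive/PSProvider; skip those.
    $props.PSObject.Properties | Where-Object { $_.Name -notmatch '^PS' } | ForEach-Object {
        $cmd = [string]$_.Value
        # Pull the executable out of the command line: a quoted path, else the first token.
        $exe = if ($cmd -match '^"([^"]+)"') { $Matches[1] } else { ($cmd -split ' ')[0] }
        $exe = [Environment]::ExpandEnvironmentVariables($exe)
        $label = Test-KnownBad -Path $exe
        $Findings.Add([pscustomobject]@{
            Finding = if ($label) { 'Run key -> known-bad file' } else { 'Run key entry' }
            Where   = "$key\$($_.Name)"
            Detail  = if ($label) { "$cmd  [$label]" } else { $cmd }
        })
    }
}

$Findings | Sort-Object Finding | Format-Table -AutoSize -Wrap
```

Run it as `.\triage.ps1` from an elevated prompt; every Run/RunOnce entry is listed, not just the matches, because an unfamiliar autostart pointing at a user-writable directory is the usual tell even when the dropped binary has been rebuilt and no longer matches the report's hashes.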

MITRE ATT&CK Enterprise v6

Tasks