General

  • Target: 7ebff5d42cbdc2e5e11ef4d0f1967ed3
  • Size: 3.5MB
  • Sample: 201214-wxzbatqjne
  • MD5: 7ebff5d42cbdc2e5e11ef4d0f1967ed3
  • SHA1: e4dbd8f8a73209fe205b5b125277898eb682c904
  • SHA256: ec5123164f471869777ef1cf60fedfa4cb1d8b5d348c62530ae10849ff67d33f
  • SHA512: 076b09acb81fe3f86dacf00ad0705303ff0049766ec1a7b3980b29079590025f71e98933a1a453b8b9a747dbf252b531ecbeeba69cdd43e1998eb3f32e0cf3fa

Targets

    • FakeAV, RogueAntivirus: FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
    • xmrig: XMRig is a high-performance, open-source, cross-platform CPU/GPU miner.
    • FakeAV payload
    • Executes dropped EXE
    • Sets file execution options in registry
    • Loads dropped DLL
    • Adds Run key to start application
    • Drops file in System32 directory

MITRE ATT&CK Enterprise v6