Overview

overview

10

Static

static

10

cfac0fedbb...b1.exe

windows7_x64

10

cfac0fedbb...b1.exe

windows10_x64

10

Resubmissions

17-01-2021 17:54

210117-7e5s6crds6 10

14-12-2020 16:38

201214-dnnk64wvks 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    cfac0fedbb2f5e8d8f1c1bd27fe74cb1

  • Size

    5.4MB

  • Sample

    210117-7e5s6crds6

  • MD5

    cfac0fedbb2f5e8d8f1c1bd27fe74cb1

  • SHA1

    8428f346686bfa3ff01627497b22a35d32992806

  • SHA256

    ccf1261bd2cb9a4f4a5ab144481dc52a3c8eec2e672a46a69ce0031e16ac9231

  • SHA512

    4d48cf5a3ff7efbededbd2b19df45de73d3e3bcc88b645322b00647e5df316282f3d607fd151ede645b963cafa6b0cbc01ff99694c61b9e53b3b2408ae9446db

Score
10/10
fakeavxmrigfakeavminerpersistencespyware

Malware Config

Targets

    • Target

      cfac0fedbb2f5e8d8f1c1bd27fe74cb1

    • Size

      5.4MB

    • MD5

      cfac0fedbb2f5e8d8f1c1bd27fe74cb1

    • SHA1

      8428f346686bfa3ff01627497b22a35d32992806

    • SHA256

      ccf1261bd2cb9a4f4a5ab144481dc52a3c8eec2e672a46a69ce0031e16ac9231

    • SHA512

      4d48cf5a3ff7efbededbd2b19df45de73d3e3bcc88b645322b00647e5df316282f3d607fd151ede645b963cafa6b0cbc01ff99694c61b9e53b3b2408ae9446db

    Score
    10/10
    fakeavxmrigfakeavminerpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • FakeAV payload

      fakeavspyware

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks