Overview

overview

10

Static

static

10

074da61af9...b1.exe

windows7_x64

10

074da61af9...b1.exe

windows10_x64

10

Resubmissions

17-01-2021 19:17

210117-95dtbjfvlx 10

14-12-2020 13:29

201214-93c3n7c8e2 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    074da61af9ccb589302c910345868ab1

  • Size

    2.8MB

  • Sample

    210117-95dtbjfvlx

  • MD5

    074da61af9ccb589302c910345868ab1

  • SHA1

    d0d650b0a1135c3eec5e6745c3412d1220a5953e

  • SHA256

    c8b5a20926236b4cbc09d13d21b2b434e25aeb91e87a045ef103392a3bf57fdc

  • SHA512

    a5095f6395fa714e76e5f0c503aef5cacb45e1459403e985ed048986caf4eea9712bd8cebe08c86a1a9880e95818d872f7638eaab0816453935f65afccc9f20b

Score
10/10
fakeavxmrigfakeavminerpersistencespyware

Malware Config

Targets

    • Target

      074da61af9ccb589302c910345868ab1

    • Size

      2.8MB

    • MD5

      074da61af9ccb589302c910345868ab1

    • SHA1

      d0d650b0a1135c3eec5e6745c3412d1220a5953e

    • SHA256

      c8b5a20926236b4cbc09d13d21b2b434e25aeb91e87a045ef103392a3bf57fdc

    • SHA512

      a5095f6395fa714e76e5f0c503aef5cacb45e1459403e985ed048986caf4eea9712bd8cebe08c86a1a9880e95818d872f7638eaab0816453935f65afccc9f20b

    Score
    10/10
    fakeavxmrigfakeavminerpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • FakeAV payload

      fakeavspyware

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks