Overview

overview

10

Static

static

10

acdbe5cf3a...6f.exe

windows7_x64

10

acdbe5cf3a...6f.exe

windows10_x64

10

Resubmissions

17-01-2021 19:16

210117-hz4b9cxcyj 10

14-12-2020 12:43

201214-p76rtw7j1a 10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    acdbe5cf3a3099437ee4cc259c80c66f

  • Size

    724KB

  • Sample

    210117-hz4b9cxcyj

  • MD5

    acdbe5cf3a3099437ee4cc259c80c66f

  • SHA1

    d6acde8366319eb3714e68371746c48e386df879

  • SHA256

    ff7bac4e9f34775b625984015067fc0b96f49a42418ad68bb10036780315737f

  • SHA512

    79eec36cd93cdd209a33b7702c85fa7144eb86c24029fca8005a2abe86a72c248c8bff2c16241d747f8bbcc5d7b44fb7a944cf524ba3b940d28371814d8e3408

Score
10/10
fakeavxmrigfakeavminerpersistencespyware

Malware Config

Targets

    • Target

      acdbe5cf3a3099437ee4cc259c80c66f

    • Size

      724KB

    • MD5

      acdbe5cf3a3099437ee4cc259c80c66f

    • SHA1

      d6acde8366319eb3714e68371746c48e386df879

    • SHA256

      ff7bac4e9f34775b625984015067fc0b96f49a42418ad68bb10036780315737f

    • SHA512

      79eec36cd93cdd209a33b7702c85fa7144eb86c24029fca8005a2abe86a72c248c8bff2c16241d747f8bbcc5d7b44fb7a944cf524ba3b940d28371814d8e3408

    Score
    10/10
    fakeavxmrigfakeavminerpersistencespyware

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • FakeAV payload

      fakeavspyware

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks