fakeav | 3e215c43a69dea075c9b70752490bd36a03154d053e81b1efe670d90a52d8059 | Triage

Submit
Reports

Overview

overview

Static

static

3e215c43a6...59.exe

windows7_x64

3e215c43a6...59.exe

windows10_x64

Sharing

General

Target

3e215c43a69dea075c9b70752490bd36a03154d053e81b1efe670d90a52d8059
Size

6.4MB
Sample

210504-kefm14j9h6
MD5

f1d6b6458519fae83f9024543b5d4960
SHA1

4cc1d639bd230d496b005d4d2c264fcd05f5a01d
SHA256

3e215c43a69dea075c9b70752490bd36a03154d053e81b1efe670d90a52d8059
SHA512

405c03d93de57d6a43015572cbcd5023cdede4e1f42517d9235e320782ffa12cab3c6e5d91b8905d42b48798a84418b428a9e3a1b3d330b96ead3d54af2fe418

Score

10^/10

fakeav xmrig fakeav miner persistence spyware

Static task

static1

fakeav spyware fakeav

Behavioral task

behavioral1

Sample

3e215c43a69dea075c9b70752490bd36a03154d053e81b1efe670d90a52d8059.exe

Resource

win7v20210408

fakeav xmrig fakeav miner persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

3e215c43a69dea075c9b70752490bd36a03154d053e81b1efe670d90a52d8059.exe

Resource

win10v20210408

fakeav xmrig fakeav miner persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  3e215c43a69dea075c9b70752490bd36a03154d053e81b1efe670d90a52d8059
- Size
  
  6.4MB
- MD5
  
  f1d6b6458519fae83f9024543b5d4960
- SHA1
  
  4cc1d639bd230d496b005d4d2c264fcd05f5a01d
- SHA256
  
  3e215c43a69dea075c9b70752490bd36a03154d053e81b1efe670d90a52d8059
- SHA512
  
  405c03d93de57d6a43015572cbcd5023cdede4e1f42517d9235e320782ffa12cab3c6e5d91b8905d42b48798a84418b428a9e3a1b3d330b96ead3d54af2fe418
Score

10^/10

fakeav xmrig fakeav miner persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- FakeAV payload
  fakeav spyware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavxmrigfakeavminerpersistencespyware

behavioral2

fakeavxmrigfakeavminerpersistencespyware

© 2018-2024

Terms | Privacy