fakeav | 916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2 | Triage

Submit
Reports

Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

Static

static

916b26e29a...c2.exe

windows7_x64

916b26e29a...c2.exe

windows10_x64

Sharing

General

Target

916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2
Size

928KB
Sample

210515-7wmlksxqv6
MD5

103a334028ffd116e5cd828b98e3c323
SHA1

2f8c2a3f3f57b2d9a81dae0c20322097c372f081
SHA256

916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2
SHA512

f761ccc408a1e78289499bf253dad5d6a36ab3f6672c2b29941b58aa84c32f97e8f974d90a83cbda57fa122295f277e7e85b1eb00a7c61f58dbd1b2c6e2abc3d

Score

10^/10

fakeav xmrig fakeav miner persistence spyware

Static task

static1

fakeav spyware fakeav

Behavioral task

behavioral1

Sample

916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2.exe

Resource

win7v20210410

fakeav xmrig fakeav miner persistence spyware

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2.exe

Resource

win10v20210410

fakeav xmrig fakeav miner persistence spyware

windows10_x64

0 signatures

0 seconds

Malware Config

Targets

- Target
  
  916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2
- Size
  
  928KB
- MD5
  
  103a334028ffd116e5cd828b98e3c323
- SHA1
  
  2f8c2a3f3f57b2d9a81dae0c20322097c372f081
- SHA256
  
  916b26e29a3ef1bfa5190fc41e77fabf09739fd0e34425c73924c5ee3dbc53c2
- SHA512
  
  f761ccc408a1e78289499bf253dad5d6a36ab3f6672c2b29941b58aa84c32f97e8f974d90a83cbda57fa122295f277e7e85b1eb00a7c61f58dbd1b2c6e2abc3d
Score

10^/10

fakeav xmrig fakeav miner persistence spyware
- FakeAV, RogueAntivirus
  FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.
  fakeav spyware fakeav
- xmrig
  XMRig is a high performance, open source, cross platform CPU/GPU miner.
  miner xmrig
- FakeAV payload
  fakeav spyware
- Executes dropped EXE
- Sets file execution options in registry
  persistence
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Drops file in System32 directory
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

fakeavspywarefakeav

behavioral1

fakeavxmrigfakeavminerpersistencespyware

behavioral2

fakeavxmrigfakeavminerpersistencespyware

© 2018-2025

Terms | Privacy