Overview

overview

10

Static

static

10

13d558db16...aa.exe

windows7_x64

10

13d558db16...aa.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    13d558db16b10396bd7a1db69fc3a2149e111b4a9b8d3f794b01b0bb8c7713aa

  • Size

    7.1MB

  • Sample

    210517-8l5wdvkqws

  • MD5

    96a0ba640741f0339a6ba0be50371084

  • SHA1

    436d938f03b74e12488e4f817033605e1e225496

  • SHA256

    13d558db16b10396bd7a1db69fc3a2149e111b4a9b8d3f794b01b0bb8c7713aa

  • SHA512

    cf6bc9e0d76b4b3cb0bdc77e43e343b68000055447b5fa3c6765f4ca06efa47102e7415d60aa46c3eff0e92febb64ee218ee6861f96acb3e4437929f1f3c5d2d

Score
10/10
fakeavxmrigfakeavminerpersistencespyware

Malware Config

Targets

    • Target

      13d558db16b10396bd7a1db69fc3a2149e111b4a9b8d3f794b01b0bb8c7713aa

    • Size

      7.1MB

    • MD5

      96a0ba640741f0339a6ba0be50371084

    • SHA1

      436d938f03b74e12488e4f817033605e1e225496

    • SHA256

      13d558db16b10396bd7a1db69fc3a2149e111b4a9b8d3f794b01b0bb8c7713aa

    • SHA512

      cf6bc9e0d76b4b3cb0bdc77e43e343b68000055447b5fa3c6765f4ca06efa47102e7415d60aa46c3eff0e92febb64ee218ee6861f96acb3e4437929f1f3c5d2d

    Score
    10/10
    fakeavfakeavpersistencespywarexmrigminer

    • FakeAV, RogueAntivirus

      FakeAV or Rogue AntiVirus is a class of malware that displays false alert messages.

      fakeavspywarefakeav

    • xmrig

      XMRig is a high performance, open source, cross platform CPU/GPU miner.

      minerxmrig

    • FakeAV payload

      fakeavspyware

    • Executes dropped EXE

    • Sets file execution options in registry

      persistence

    • Loads dropped DLL

    • Adds Run key to start application

      persistence

    • Drops file in System32 directory

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks